Military AI as 'Abnormal' Technology: Why the Battlefield Defies Silicon Valley's Governance Playbook

On February 27, 2026, the Pentagon designated Anthropic — maker of the frontier AI model Claude and the first AI company deployed on U.S. classified networks — as a national security supply chain risk. The stated reason: Anthropic had imposed contractual restrictions on how the military could use its technology, refusing to grant blanket authorization for mass domestic surveillance and fully autonomous weapons. Less than 24 hours later, U.S. military forces reportedly used that same AI model to initiate targeting operations in Iran. The juxtaposition is not merely ironic. It is, as West Point law professor Scott Sullivan writes in a landmark pair of Lawfare analyses published this week, 'analytically instructive' — a window into why military artificial intelligence cannot be governed by the same frameworks that are slowly emerging for commercial AI [1].

Sullivan's central argument is deceptively simple: while AI may function as a 'normal' technology in boardrooms and hospitals — subject to market discipline, legal liability, and regulatory friction — in the military domain it becomes something fundamentally different. The structural forces that ordinarily constrain technological deployment are weakened, inverted, or absent altogether. In their place, military institutions operate within incentive systems that reward speed over caution, externalize the costs of failure to populations with no voice in procurement decisions, and cloak performance data behind layers of operational secrecy. The result is not just a faster pace of adoption but a qualitatively distinct governance challenge — one that demands entirely new legal and institutional frameworks [1].

The 'Normal Technology' Thesis and Its Military Exception

The intellectual backdrop for Sullivan's analysis is the influential 'AI as Normal Technology' framework articulated by Princeton computer scientists Arvind Narayanan and Sayash Kapoor. Published as a major essay by the Knight First Amendment Institute in April 2025 and expanded into a forthcoming book, their thesis contends that artificial intelligence — despite the breathless rhetoric surrounding it — is best understood as a general-purpose technology akin to electricity or the internet [3]. Its diffusion, they argue, will be gradual and uneven, shaped by the same institutional inertia, risk aversion, regulatory friction, and integration costs that have governed every prior technological revolution.

The 'normal technology' lens has proven enormously useful for deflating AI hype. It offers a corrective to both utopian visions of imminent superintelligence and dystopian narratives of existential risk. But as Narayanan and Kapoor themselves explicitly recognize, military AI is an exception possessing 'unique dynamics that require a deeper analysis' [3]. Sullivan's contribution is to provide exactly that deeper analysis — and his conclusions are sobering.

Structural Feature One: Arms-Race Incentives

In most industries, organizations have limited incentives to deeply integrate AI into their current operations. Commercial entities with healthy bottom lines are generally hesitant to deviate from proven systems and processes. This reluctance is amplified where the costs of failure are high. Healthcare provides a telling example: despite being among the most mature sectors in developing AI tools, adoption remains slow because risk-averse practitioners prefer established methods to tools they perceive as untested and opaque. Corporate legal liability regimes and medical malpractice standards reinforce this caution.

Military institutions operate under a radically different calculus. The strategic logic of warfare rewards even marginal operational advantages, especially when derived from technologies that increase speed, precision, or decision-making superiority. Innovation is embedded in a competitive arms-race logic: as military commanders frequently remind us, 'the enemy gets a vote.' This creates a structural incentive to prepare for worst-case scenarios, placing a premium on the speed of integration that has no parallel in civilian markets [1].

The Pentagon's AI Acceleration Strategy, signed by Defense Secretary Pete Hegseth in January 2026, crystallizes these dynamics with remarkable candor. The strategy explicitly frames AI integration as a 'race' in which 'speed wins,' directing the department to 'accept that the risks of not moving fast enough outweigh the risks of imperfect alignment.' Most provocatively, the strategy mandates that military exercises failing to 'meaningfully incorporate AI and autonomous capabilities' be reviewed for 'resourcing adjustment' — effectively penalizing any unit that does not adopt AI at a pace deemed sufficient by senior leadership [1].

The risks of not moving fast enough outweigh the risks of imperfect alignment.

This top-down mandate to accelerate has no analog in the private sector, where thousands of independent firms retain discretion over the timing and scope of their technology adoption. No CEO can compel an entire industry to integrate AI on a fixed timeline. But Defense Secretary Hegseth can — and has — created precisely that compulsion across the world's largest bureaucracy.

Structural Feature Two: Externalized Costs

When commercial AI systems fail, the costs are typically borne by the organizations that deployed them. Companies that have utilized AI in employment screening, customer service, and content creation have all faced significant reputational harm, legal liability, and regulatory penalties when their tools failed to meet customer needs or comply with legal requirements. These internalized costs create powerful feedback loops: firms learn from their mistakes because they pay for them.

In the military context, this error-correction mechanism is structurally weakened or absent. The costs of failed weapons projects, inaccurate targeting systems, and botched procurement decisions are borne not by the institutions that make them but by taxpayers who fund them and, in the most consequential cases, by civilians who die from them [1].

The $800 Million Experiment

The Pentagon's GenAI.mil initiative illustrates the financial dimension of this externalization. In mid-2025, the Chief Digital and Artificial Intelligence Office (CDAO) executed separate contracts worth up to $200 million each with four competing AI companies — Google, OpenAI, xAI, and Anthropic — investing simultaneously in parallel AI platforms rather than selecting a single provider. The size and diversity of this portfolio insulates the military from any single failure while demonstrating a willingness to absorb financial losses that no commercial enterprise would tolerate [1]. The implicit logic is that in a domain defined by strategic competition, the cost of missing the next technological advantage is deemed greater than the cost of funding four simultaneous experiments that may produce nothing.

Costs Paid in Civilian Lives

But externalized costs are not limited to financial waste. The most consequential form of cost externalization occurs when the errors and design choices of AI systems are borne by civilian populations who had no voice in their development or deployment.

The deployment of AI targeting tools by the Israel Defense Forces in Gaza provides the most extensively documented case study. After the launch of its operations following October 7, 2023, the IDF introduced AI systems including Lavender — designed to identify individual targets — and Habsora ('the Gospel'), which identifies buildings and structures for bombing. According to investigations by +972 Magazine and The Guardian drawing on testimonies from six Israeli intelligence officers, Lavender generated approximately 37,000 target recommendations in the initial weeks of the conflict, expanding the target identification rate from roughly 50 per year to 100 per day [4].

Sullivan's analysis identifies the structural mechanism through which this AI-enabled target proliferation increases civilian harm — even assuming every identified target is lawful. Under international humanitarian law, the principle of proportionality is assessed strike by strike rather than cumulatively. Each newly identified lawful target creates a new strike opportunity in which some level of incidental civilian damage may be deemed proportionate. By dramatically expanding the target set, AI-enabled systems can significantly increase total civilian casualties without technically violating the governing legal standard [1]. The technology does not change the law; it exploits the law's structure.

The Ukrainian Laboratory

Ukraine offers a different but equally revealing window into cost externalization. The 'Test in Ukraine' program, launched by the government-backed defense technology accelerator Brave1, explicitly converts an active battlefield into a product-development environment for foreign defense firms. International manufacturers receive real-time performance data and iterative feedback from combat conditions — benefits that would ordinarily require decades of simulated testing at enormous expense.

The program's appeal to foreign companies lies precisely in the externalization of risk. As Brave1 leadership has explained, 'In Ukraine, everything happens much faster: there's no need to wait months for testing permits, and feedback from technical and military experts comes almost instantly.' The speed is a direct function of the absence of regulatory safeguards that would ordinarily accompany the deployment of untested weapons systems [1]. In the civilian world, testing an unproven medical device on patients without regulatory approval would constitute a criminal offense. In the military domain, it is a selling point.

Structural Feature Three: Epistemic Opacity

The third structural feature Sullivan identifies — epistemic opacity — may be the most insidious, because it undermines the very possibility of evaluating whether the first two features are producing acceptable outcomes.

In the civilian realm, AI failures tend to surface quickly. When a chatbot fabricates legal citations, the judge notices. When an AI hiring tool discriminates, plaintiffs sue. When an autonomous vehicle causes a fatality, the investigation is public. These feedback mechanisms — imperfect as they are — create opportunities for correction, accountability, and iterative improvement.

In military applications, every layer of this feedback loop is degraded. Operationally, gauging the accuracy of high-stakes decisions is difficult whether they are made by humans or machines. Access to ground truth is fundamentally incomplete in most operational settings: intelligence assessments and battlefield reporting unfold under conditions of deep ambiguity. Human cognition under these conditions favors coherence over uncertainty, and institutional pressures — both implicit and explicit — reward narratives of success. Sullivan cites military research finding that approximately half of all civilian harm incidents between 2007 and 2012 were products of misidentification, with confirmation bias representing a recurring structural challenge [1].

Legal doctrines compound this operational opacity. Classification regimes restrict access to the data needed for independent evaluation of AI systems. Doctrines such as the state secrets privilege and limitations on governmental liability shield military technologies from external scrutiny even when failures occur. Legal standards for accountability in national security contexts defer heavily to executive assessments — which are themselves shaped by institutional incentives to portray emerging technologies as both effective and compliant [1].

The AI Acceleration Strategy itself demonstrates this structural opacity in action. The strategy includes classified annexes governing 'special initiatives' that are exempt from public disclosure. Combined with the strategy's mandate for a 'wartime approach to blockers,' the emerging institutional posture is one in which the speed of AI integration is explicitly prioritized over procedural safeguards that might enable greater visibility into what these systems do — and what they get wrong.

Governance by Contract: A Companion Crisis

If Sullivan's analysis explains why military AI is structurally abnormal, a companion article published simultaneously by Jessica Tillipman — a professor at George Washington University Law School and expert in government procurement — explains how governance is failing to keep pace [2]. Tillipman's diagnosis is equally alarming: the United States has effectively moved toward governing military AI through bilateral vendor contracts rather than through statutes, regulations, or democratic deliberation.

This 'regulation by contract' model suffers from several structural deficiencies. Contracts bind only the parties who sign them. They lack the democratic accountability and institutional durability that statutes provide. Enforcement depends not on public institutions but on the technical controls the vendor can maintain once the model is deployed within a government system — and in the national security context, even termination rights may prove illusory [2].

The Anthropic-Pentagon-OpenAI Triangle

The sequence of events that unfolded around February 27, 2026, provides a vivid illustration of Tillipman's thesis. The Hegseth AI strategy memo had directed that all Defense Department AI contracts include 'any lawful use' language within 180 days, effectively requiring vendors to remove any restrictions beyond what is required by law. When Anthropic refused to drop its contractual red lines against mass domestic surveillance and fully autonomous weapons, the Pentagon designated it a supply chain risk [2].

Hours later, OpenAI announced an agreement with the Pentagon. The deal was negotiated in just a few days — CEO Sam Altman later acknowledged it was 'rushed' and 'looked opportunistic and sloppy.' The agreement frames limitations by reference to external legal regimes — the Fourth Amendment, FISA, intelligence oversight statutes — but effectively shifts interpretive authority to the Pentagon. As Tillipman observes, the key distinction between the Anthropic and OpenAI approaches is not their substantive content but their framing: Anthropic sought enforceable prohibitions with vendor control, while OpenAI accepted referential guardrails with government interpretation [2].

You do not get to make operational decisions. The Pentagon will listen to OpenAI's technical expertise, but does not want the company to express opinions on whether certain military actions are good or bad ideas.

Perhaps most revealing is Altman's candid assessment of OpenAI's competitive position: 'I believe we will hopefully have the best models that will encourage the government to be willing to work with us, even if our safety stack annoys them.' And his identification of the structural pressure that limits even this minimal protection: 'There will be at least one other actor, which I assume will be xAI, which effectively will say, "We'll do whatever you want."' In a procurement environment governed by contracts rather than law, vendor leverage diminishes as competition increases [2].

The Constitutional Question

Tillipman identifies a further structural problem with governance by contract: the inadequacy of contractual remedies in the federal procurement context. Even where a contract contains robust restrictions, the government possesses unique powers including unilateral termination for convenience and the authority to direct changes. If these arrangements are structured as Other Transaction (OT) agreements — as much reporting suggests — they operate outside the Federal Acquisition Regulation framework, meaning dispute resolution, termination rights, and remedies exist only to the extent the parties negotiated them [2].

The Anthropic standoff demonstrates an even starker reality. According to reporting, military commanders have become so dependent on Claude that if Anthropic directed the military to cease using it, the administration would use 'government powers' to retain the technology until a replacement is available. When a vendor's only remedy — termination — can be overridden by the state, the contract ceases to function as governance at all [2].

Historical Parallels and the Path Forward

Sullivan is careful to note that legal systems have demonstrated the capacity for adaptation under conditions of technological disruption before. The emergence of nuclear weapons prompted the development of nonproliferation regimes that fundamentally reshaped arms control beyond traditional use-based restrictions. Earlier claims that international law was ill-suited to new forms of conflict — including operations against non-state actors — ultimately gave way to doctrinal evolution and reinterpretation [1].

Military AI may demand a similar paradigm shift: not simply extending existing frameworks but reimagining how accountability, precaution, and oversight operate when decision-making processes become partially opaque and temporally compressed. Sullivan proposes that law of armed conflict rules should not merely regulate outputs at the point of strike but should necessitate design and development choices that reasonably ensure deployment will be lawful by default — a concept he terms 'upstream legal design constraints' [1].

But upstream constraints are only half the solution. Because the abnormality of military AI is institutional as much as it is technical, they must be reinforced by strengthened ex ante review mechanisms and governance structures capable of operating under conditions of secrecy without abandoning meaningful accountability. The challenge is not merely to regulate the outputs of AI-enabled systems but to confront the institutional environments that shape how and why they are adopted [1].

The Stakes of Inaction

The convergence of Sullivan's and Tillipman's analyses paints a portrait of military AI governance that is at once structurally inadequate and rapidly deteriorating. The Pentagon has deployed frontier AI tools to millions of personnel. Ukraine has turned its frontlines into a multinational proving ground. Israel has demonstrated that AI-enabled targeting can dramatically expand the scope of permissible violence without technically violating international humanitarian law. Other states — China, Iran, Saudi Arabia, the United Arab Emirates — are racing to follow similar trajectories [1].

Meanwhile, even modest international efforts to legally constrain military AI appear dead on arrival, while domestic regulatory frameworks show no appetite for constraining national military initiatives amid accelerating geopolitical competition. The Anthropic lawsuit — which challenges the supply chain risk designation as unprecedented, unconstitutional, and a violation of First Amendment rights — may produce the first judicial test of these boundaries. But litigation is reactive; it addresses yesterday's violations, not tomorrow's architectures.

Implications for the AI Industry

For AI companies, the Anthropic-OpenAI divergence represents a defining strategic choice. Anthropic's position — that some uses of its technology are impermissible regardless of legality — is fundamentally incompatible with the Pentagon's 'any lawful use' mandate. OpenAI's position — that the government should interpret what is lawful and the company should provide the best technology — is commercially sustainable but ethically precarious. As Altman himself acknowledges, the competitive pressure from companies willing to operate without safety constraints means that even OpenAI's minimal protections rest on market power rather than legal right [2].

The resolution of this standoff will likely set the template not just for U.S. military AI procurement but for the global market. If the 'any lawful use' model prevails, defense ministries worldwide will have a template for stripping vendor safeguards from AI systems. If Anthropic's position is vindicated — whether judicially or through market competition — it will establish a precedent that AI companies can meaningfully constrain how their technology is used, even by sovereign governments.

Conclusion: Beyond Normal

The Narayanan-Kapoor framework for understanding AI as a 'normal' technology remains valuable for the vast majority of contexts in which AI is being deployed. In healthcare, education, finance, and countless other sectors, AI's adoption will continue to be gradual, uneven, and constrained by the same institutional, economic, and regulatory forces that have governed every prior general-purpose technology [3].

But the military domain is different — structurally, institutionally, and consequentially different. The feedback mechanisms that allow normal technologies to be governed by incremental adjustment and course correction are weakened or absent in military applications. Costs are borne by those who cannot influence procurement decisions. Performance data is classified. Strategic competition rewards speed at the expense of deliberation. And the governance structures that might compensate for these deficiencies are being dismantled in favor of bilateral contracts between governments and vendors — contracts that, as events have demonstrated, can be overridden at the moment they become inconvenient [1][2].

Whether institutions can evolve quickly enough to address this abnormality remains uncertain. What is clear is that the future of military AI will not be determined solely by technical capability but by whether legal and institutional frameworks can adapt to a domain where the tempo of machine-enabled warfare increasingly outpaces the mechanisms designed to constrain it. The answer to that question will shape not only the future of warfare but the trajectory of the broader AI governance debate — because the precedents being set on the battlefield today will inevitably influence the norms applied everywhere else tomorrow [1][4].