Insynergy
← Back to Insights

The Real Problem With Military AI Isn't Ethics. It's Boundary Design.

The conflict between the U.S. Department of Defense and Anthropic is often framed as an ethics debate. It is not. This article argues that the real issue is the absence of a shared architecture for allocating judgment authority between states, AI providers, and autonomous systems. Introducing the concept of Decision Design, it proposes practical frameworks — including a Tri-Layer Decision Model and a Decision Ledger — for structuring responsibility in military AI deployment.

Who decides — and where is the line?

This is the question that no one involved in the current standoff between the U.S. Department of Defense and Anthropic has been able to answer. Not because they lack opinions, but because they lack a shared framework for even asking it.

The dispute is typically framed as an ethics debate: a safety-conscious AI company resisting military overreach. That framing is convenient, widely reported, and almost entirely wrong.

What is actually unfolding is something more fundamental — a structural failure in how judgment authority is allocated between states, corporations, and autonomous systems. It is not a values conflict. It is a design vacuum.

The Structural Landscape

In July 2025, the Pentagon awarded contracts worth up to $200 million each to four frontier AI companies: Anthropic, OpenAI, Google, and xAI (CNBC, 2/18). The objective was to integrate advanced AI into national security operations. Anthropic's Claude became the only model deployed on classified military networks, operating through a partnership with Palantir (The Hill, 2/19).

The arrangement held — until it didn't.

In January 2026, Claude was reportedly used in the operation to capture Venezuelan President Nicolás Maduro (Axios, 2/15). The disclosure triggered a confrontation. Anthropic maintains two non-negotiable constraints: no mass domestic surveillance of Americans, and no fully autonomous weapons without human oversight. The Pentagon views those constraints as operationally unworkable.

Defense Secretary Pete Hegseth stated publicly that the military would not use AI models that restrict warfighting capability (The Hill, 2/19). Senior officials threatened to designate Anthropic a "supply chain risk" — a classification normally reserved for foreign adversaries (Axios, 2/16). Meanwhile, xAI accepted the Pentagon's "all lawful purposes" standard across all classification levels (Axios, 2/19). OpenAI and Google signaled flexibility. Anthropic stood alone.

At nearly the same time, Anthropic disclosed that three Chinese AI laboratories — DeepSeek, Moonshot AI, and MiniMax — had conducted industrial-scale distillation campaigns against Claude, generating over 16 million exchanges through approximately 24,000 fraudulent accounts (Anthropic, 2/23; CNN, 2/24). The distilled models, Anthropic warned, likely lack the safety guardrails built into the originals — creating national security risks of a different kind.

The result is a dual-pressure architecture. On one side, a domestic military demands that safeguards be removed. On the other, foreign adversaries extract capabilities while stripping those same safeguards away. The company sits at the center, holding a line that neither side recognizes as legitimate.

The instinct is to treat this as a morality play. It is not. It is an engineering problem — one that no existing framework adequately addresses.

Why This Is Not an Ethics Problem

Anthropic is not opposed to military use of AI. CEO Dario Amodei has written explicitly that "democracies have a legitimate interest in some AI-powered military and geopolitical tools" (NBC News, 2/20). The company was the first to deploy a frontier model on classified networks and has provided customized models for intelligence customers.

What Anthropic refuses is specific: mass surveillance of its own citizenry and weapons systems that fire without human intervention. These are boundary claims, not blanket objections.

The Pentagon's counterargument is equally specific: the gray areas between surveillance and intelligence collection, between autonomous targeting and automated support, are too numerous and too context-dependent for a private company to adjudicate on a case-by-case basis. As a senior defense official put it, it is "unworkable" for the military to negotiate individual use cases with a vendor (Axios, 2/15).

Both positions are internally coherent. Neither is inherently unreasonable. And that is precisely the problem. This is not a conflict between right and wrong. It is a conflict between two legitimate claims to decision authority over the same domain — with no mechanism for resolution.

Why Existing Frameworks Fall Short

Four frameworks are commonly invoked in discussions of AI governance. Each addresses a real concern. None addresses the specific structural problem at hand.

Governance operationalizes agreed-upon principles within organizations. But the dispute between the Pentagon and Anthropic is about the principles themselves. "All lawful purposes" and "human-supervised limited use" represent competing axioms. Governance structures cannot resolve a disagreement over what the governing axiom should be.

Digital transformation optimizes how organizations adopt and deploy technology. The Pentagon's GenAI.mil initiative — which Undersecretary of Defense Emil Michael described as central to building an "AI-first" enterprise (DefenseScoop, 2/19) — is a textbook DX program. But DX asks "how do we digitize?" — it does not ask "what should remain outside the scope of digitization?" The question of boundary placement is outside its frame.

Automation accelerates execution by removing human bottlenecks. But the meta-judgment — what to automate and what to reserve for human decision — cannot itself be automated. The Pentagon's frustration with case-by-case review reflects the limits of manual process. Full automation of that review, however, would eliminate judgment entirely.

AI ethics establishes value-based constraints on AI behavior: fairness, transparency, accountability. But the current dispute demonstrates that multiple ethical frameworks can coexist, each with legitimate grounding. Anthropic's ethical standard differs from U.S. law, which differs from international humanitarian law. The question is not which ethics are correct, but who has authority to apply which standard in which context — and that is an allocation question, not a values question.

Each of these frameworks has merit. None of them answers the question: who decides where the boundary sits, and by what authority?

The Core Claim: This Is a Boundary Allocation Problem

Consider the symmetry of the two pressures Anthropic faces.

The Pentagon demands the removal of safeguards in order to maximize operational capability. Chinese laboratories bypass safeguards entirely through illicit extraction, deploying stripped-down models without constraint. One pressure comes from within the system of democratic governance; the other from outside it. But both reveal the same structural deficit: there is no agreed-upon architecture for allocating judgment authority between states, AI providers, and the systems themselves.

Anthropic's red lines are corporate policy decisions. The Pentagon's "all lawful purposes" standard is a claim rooted in sovereign legal authority. China's distillation campaigns ignore the question of authority altogether. All three actors are behaving rationally within their own frames. The system stalls because no shared frame exists.

This is not a governance failure. It is not a technology gap. It is not an ethical shortcoming. It is the absence of what might be called Decision Design — the deliberate architecture of judgment allocation.

Decision Design: Definition and Scope

Decision Design is the practice of explicitly structuring who holds judgment authority, over what scope, and under what conditions.

It designs three things:

1. Decision authority — Who is empowered to make a given judgment? A human operator, an AI system, a corporate policy team, a national legal authority, or a joint body?

2. Decision scope — What falls within that authority's domain? Where does delegation end and reservation begin?

3. Decision conditions — Under what circumstances does the allocation change? What triggers escalation? What distinguishes peacetime defaults from wartime overrides?

Decision Design does not determine what the right decision is. It determines where the right decision gets made. It does not produce answers. It produces architecture — the structural precondition for answers to be produced accountably.

In the Pentagon–Anthropic dispute, the question is not "are autonomous weapons ethical?" The question is: "does the authority to determine permissible use reside in a vendor's terms of service, a sovereign government's legal framework, or a jointly governed body — and what happens when those authorities conflict?"

Decision Design addresses exactly that structural question.

What Decision Design is not:

It is not governance — governance operationalizes principles that have already been agreed. Decision Design operates at the pre-consensus layer: who has the authority to agree, and over what.

It is not ethics — ethics asks what should be valued. Decision Design asks who applies which values in which operational context.

It is not compliance — compliance verifies adherence to existing rules. Decision Design asks who writes the rules and where their jurisdiction ends.

Implementation: The Tri-Layer Decision Model

Abstract concepts become useful only when they can be operationalized. The following framework proposes a concrete architecture for allocating judgment authority in military AI deployments.

The Tri-Layer Decision Model separates AI use-case evaluation into three distinct layers, each with its own decision authority, criteria, and escalation logic.

Layer 1: Legality

Layer 2: Capability Safety

Layer 3: Strategic Appropriateness

The critical insight is that the Pentagon's "all lawful purposes" standard and Anthropic's red lines operate at different layers. Legality is a Layer 1 question — and the state's authority there is clear. But Anthropic's objections are Layer 3 concerns: they are claims about strategic risk, not legal permissibility. The current negotiation collapses because all three layers are compressed into a single contractual term.

Separating them does not resolve every disagreement. But it makes disagreements legible, locatable, and negotiable — rather than existential.

Implementation: The Decision Ledger

The second operational tool is the Decision Ledger — a structured record of AI-involved judgments, organized not by action taken but by judgment structure.

Traditional audit logs record what happened. A Decision Ledger records who decided, on what basis, within what scope, and whether escalation occurred.

Core fields:

The Decision Ledger serves three functions.

First, post-hoc accountability. In cases like the Maduro operation, a structured record of Claude's involvement — at what level, in what capacity — would replace ambiguity with evidence. The reported inquiry from Anthropic to Palantir about Claude's use in the raid (Axios, 2/15) would have been unnecessary if a Ledger had been in place.

Second, adaptive boundary calibration. As operational data accumulates, patterns emerge: certain judgment types can be safely delegated to AI; others consistently require human override. The Decision Ledger provides the empirical basis for adjusting Decision Boundaries over time — not through negotiation leverage, but through evidence.

Third, interoperability across alliances. NATO member states operate under different regulatory frameworks for military AI (BISI, 2/20). A standardized Decision Ledger format allows each nation to evaluate AI-assisted decisions against its own standards while sharing a common structure for cross-border coordination.

The first step toward implementation is not a new system. It is a re-annotation of existing AI usage logs using the three structural dimensions — authority, scope, and conditions. Most organizations already generate the raw data. What they lack is the interpretive structure.

Why This Matters Now

The Pentagon has acknowledged using its confrontation with Anthropic as leverage in negotiations with the other three AI providers. A senior official conceded that the dispute was "a useful way to set the tone" for those parallel discussions (Axios, 2/19).

This is boundary allocation by power dynamics. It is comprehensible. It is not design.

Simultaneously, Chinese AI laboratories are bypassing boundaries entirely — extracting capabilities through distillation and deploying models without the safeguards that the originating system was designed to enforce (TechCrunch, 2/23). This is boundary dissolution by external actors. It is predictable. It is also not design.

When boundaries are not designed, they are determined by leverage. Leverage shifts. Boundaries drawn by leverage shift with them. And when an actor simply ignores the boundary — as distillation campaigns do — there is no structural mechanism for detection, enforcement, or recalibration.

Decision Design replaces leverage with architecture. It does not eliminate disagreement, but it makes disagreement structurally manageable. It does not answer the question "what is the right boundary?" — but it ensures the question is asked in the right place, by the right authority, under the right conditions.

AI will not destabilize institutions because it is powerful. It will destabilize them because the boundaries governing its judgment remain undesigned — allocated by default, contested by force, and dissolved by extraction.

The alternative is not stronger ethics, better technology, or broader regulation. It is the deliberate, explicit, structural design of judgment allocation.

Decision Design is the architecture of judgment allocation.

Sources

This article draws on the following reporting and public disclosures:

February 2026

Japanese version is available on note.

Open Japanese version →