• OHK ❘ MOSAIC
  • SERVICES ❘ SECTORS
    • ⧉ Advisory Services
    • ⧉ Sectors Focus
  • DIGITAL
    • ⧉ Transformation
    • ⧉ Data Science
  • SPATIAL ❘ DESIGN
    • ⧉ Planning Solutions
  • INNOVATION ❘ TECH
    • ⧉ Startup Consulting
    • ⧉ Innovation Contests
    • ⧉ Venture R&D
    • ⧉ Platforms ❘ Apps
    • ⧉ Venture Fund@OHK
  • PEOPLE ❘ DEVELOPMENT
    • ⧉ Learning
    • ⧉ Climate Equity
    • ⧉ Sustainability
    • ⧉ Heritage
  • RESOURCES ❘ PRODUCTIVITY
    • ⧉ Green Economy
    • ⧉ Sustainable Buildings
  • CLIENTS ❘ INSIGHTS
    • ⧉ References
    • ⧉ Spotlights
    • ⧉ Thought Leadership
    • ⧉ Retrospective
  • HIGHLIGHTS
    • ⧉ Milestones
    • ⧉ 2020-2024
    • ⧉ 2015-2019
    • ⧉ 2010-2014
    • ⧉ 2005-2009
    • ⧉ 2000-2004
    • ⧉ 1995-1999
  • SPONSORSHIPS
    • ⧉ Beyond-Funding
    • ⧉ OHK x UC BERKELEY
  • HERITAGE IMPACT ❘ SHOWCASE
    • ⭕ Join the Circle
  • ABOUT
    • ⧉ Inspiration ❘ Values
    • ⧉ OHK Anywhere
    • ⧉ Contact Us
    • ⧉ Our Offices
  • CLIENT AREA ❘ DOWNLOADS
OHK Consultants: Strategy ❘ Innovation ❘ Development
  • OHK ❘ MOSAIC
  • SERVICES ❘ SECTORS
    • ⧉ Advisory Services
    • ⧉ Sectors Focus
  • DIGITAL
    • ⧉ Transformation
    • ⧉ Data Science
  • SPATIAL ❘ DESIGN
    • ⧉ Planning Solutions
  • INNOVATION ❘ TECH
    • ⧉ Startup Consulting
    • ⧉ Innovation Contests
    • ⧉ Venture R&D
    • ⧉ Platforms ❘ Apps
    • ⧉ Venture Fund@OHK
  • PEOPLE ❘ DEVELOPMENT
    • ⧉ Learning
    • ⧉ Climate Equity
    • ⧉ Sustainability
    • ⧉ Heritage
  • RESOURCES ❘ PRODUCTIVITY
    • ⧉ Green Economy
    • ⧉ Sustainable Buildings
  • CLIENTS ❘ INSIGHTS
    • ⧉ References
    • ⧉ Spotlights
    • ⧉ Thought Leadership
    • ⧉ Retrospective
  • HIGHLIGHTS
    • ⧉ Milestones
    • ⧉ 2020-2024
    • ⧉ 2015-2019
    • ⧉ 2010-2014
    • ⧉ 2005-2009
    • ⧉ 2000-2004
    • ⧉ 1995-1999
  • SPONSORSHIPS
    • ⧉ Beyond-Funding
    • ⧉ OHK x UC BERKELEY
  • HERITAGE IMPACT ❘ SHOWCASE
    • ⭕ Join the Circle
  • ABOUT
    • ⧉ Inspiration ❘ Values
    • ⧉ OHK Anywhere
    • ⧉ Contact Us
    • ⧉ Our Offices
  • CLIENT AREA ❘ DOWNLOADS

Top Page Title Art Squares

When AI Enters High-Stakes Systems

Anthropic, Maven, and What Emerging AI Deployment Reveals

This article does not argue for or against military strategy, nor does it assess battlefield doctrine or operational choices. Its purpose is diagnostic. Using the Anthropic–U.S. government dispute as an entry point, it examines what is technologically new, how large language models may actually function inside complex systems, why the public sees only fragments of these deployments, what companies disclose about testing, and what independent research is beginning to show. The goal is to understand the system before judging its meaning. This is Part I of a two-part series. It establishes the foundation for the discussion by clarifying the dispute, tracing the shift from narrow automation to LLM-based systems, examining how these systems may operate in practice, and showing why public knowledge comes only through procurement, testing disclosures, and early simulation research. In other words, it maps the terrain.

Reading Time: 25 min.

All illustrations are copyrighted and may not be used, reproduced, or distributed without prior written permission.

Summary: Part I traces the movement from bounded automation to general-purpose AI embedded in high-stakes workflows. It begins by clarifying the Anthropic dispute as a question of AI ethics rather than military strategy, then explains what is actually new about large language models, how they may function as acceleration layers for analysts, and why procurement disputes and corporate disclosures provide only rare and partial windows into otherwise hidden systems. It concludes with testing and simulation research, showing that some risks are already visible even where transparency remains incomplete. The arc moves from framing, to mechanism, to evidence, to a more complex picture of risk — one in which these systems are already present, partly observable, and no longer reducible to a simple human-versus-machine binary. The overall arc is: the Anthropic dispute framed not as a question of military strategy but as a window into AI ethics and system design → the shift from older bounded automation toward general-purpose language models as the real technological break → the likely workflow inside the system, where LLMs act less as autonomous actors than as acceleration layers for analysts → procurement, public statements, and safety disclosures as the partial mechanisms through which these systems become visible → testing and simulation research as the first external evidence that some risks are already legible despite limited transparency → a concluding recognition that these systems are already present, partly observable, and not reducible to a simple human-versus-machine binary.

Disclaimer: OHK is a management consulting firm. This article does not provide military analysis, operational advice, or strategic guidance. It examines the Anthropic–U.S. government dispute solely through the lens of AI ethics, governance, institutional use, and risk.

A dispute clarified: not military strategy, but AI ethics

The first point that needs to be stated clearly is a disclaimer of scope. This article does not analyze military strategy, operational doctrine, or the conduct of war. It examines a narrower but increasingly important question: what happens when general-purpose AI becomes embedded in high-stakes state decision systems, and who gets to define the acceptable limits of that use. Anthropic’s own public position makes this framing possible, because the company has not rejected all national-security work; instead, it has argued for specific ethical boundaries around certain uses of its models.

That distinction matters because public debate often collapses very different forms of AI deployment into one undifferentiated category. Yet there is a meaningful difference between a model used to summarize complex information, a model used to accelerate operational planning, a system used to support surveillance, and a system used to select or engage targets autonomously. Once these categories are blurred together, the real governance questions also become blurred. The issue is no longer whether one is “for” or “against” military AI in the abstract, but how to distinguish assistance from delegation, acceleration from substitution, and lawful use from morally acceptable use.

Anthropic has publicly said Claude is extensively deployed across U.S. national-security agencies for functions such as intelligence analysis, simulation, operational planning, and cyber operations. At the same time, the company says it objected to two specific exceptions the government would not carve out: mass domestic surveillance and fully autonomous weapons. In other words, the dispute is not about whether AI may be used in state institutions at all. It is about which forms of use remain ethically unacceptable even when the government considers them lawful or operationally useful.

That is what gives the dispute its broader importance. It exposes a fault line that extends far beyond one company or one contract. On one side is the view that private model developers may participate in public systems while still preserving substantive red lines around certain downstream uses. On the other is the view that once a use is lawful and mission-relevant, contractors should not be able to impose their own policy vetoes. This is what makes the controversy more than a procurement disagreement. It is an early struggle over whether ethical boundary-setting for frontier AI belongs primarily to the state, to the firm, or to a democratic process that has not yet fully caught up.

The real argument is not whether AI belongs in government systems, but where its ethical boundaries should stop.

Questions this framing immediately raises: (i) Can an AI company realistically participate in national-security work while still claiming to stand outside operational responsibility? (ii) Where does ethical participation end and practical complicity begin once a model is embedded in state systems? (iii) Is it sustainable to separate AI ethics from military strategy when the technology directly affects operational workflows? (iv) Do narrow red lines make a company more credible, or do they simply mask deeper involvement? (v) If a company supports most uses but objects to a few, who decides whether that distinction is meaningful?

From narrow automation to LLMs: what is actually new

Autonomous and semi-autonomous systems are not new. Bounded software systems have existed for decades in both civilian and defense settings, from autopilot-like control systems to radar processing, sensor fusion, and machine-learning models designed for narrow tasks such as image classification or anomaly detection. In that older paradigm, the system was generally built for a particular function, operated inside known constraints, and was evaluated according to a more limited performance envelope.

The novelty of the present moment lies elsewhere: in the arrival of large language models and other foundation models as general-purpose interfaces across many different streams of data, tools, and institutional functions. What makes them different is not only that they can generate language. It is that they can sit above many narrower systems and translate fragmented technical complexity into a more unified, conversational, and operationally usable form. In effect, the model becomes less a single-purpose tool and more a connective layer across tools.

That shift matters because an LLM is not just another classifier. It can synthesize text, imagery-linked descriptions, logs, queries, and heterogeneous inputs into a more unified operational picture. Anthropic’s own statements describe Claude as being used for intelligence analysis and operational planning, while public reporting describes the combination of Palantir’s Maven Smart System and Claude as helping identify, prioritize, and organize very large volumes of targeting-related information. The significance is therefore not merely that AI is present, but that a general-purpose model can turn complexity into action-ready structure.

That in turn changes the governance question. Earlier bounded systems could often be evaluated according to whether they performed a defined task well or poorly. General-purpose models complicate that logic because their role is not confined to one task. They can reframe, sequence, summarize, and mediate across many stages of a workflow at once. Their power often lies less in one dramatic act than in the cumulative shaping of what humans see, what they ignore, and what they are nudged to treat as most salient. This makes them institutionally different from older forms of automation, even when they are introduced gradually and appear at first to function merely as helpful assistants.

The frontier is no longer a machine recognizing one thing, but a model organizing many things into a decision environment.

What this shift forces us to ask: (i) At what point does a general-purpose model cease to be “just another tool” and become the system that shapes all other tools? (ii) Is the real leap in AI capability about better analysis, or about the unification of many fragmented systems into one interface? (iii) Should LLMs be governed differently from earlier machine-learning tools because of their broader role in synthesis and prioritization? (iv) Does the transition from narrow AI to general-purpose AI create a new category of institutional risk? (v) Are current policies too rooted in old definitions of automation to capture what LLMs actually change?

How the system may work: an acceleration layer for analysts?

A plausible interpretation of these deployments is that the large language model is not replacing the intelligence analyst outright, but accelerating the analyst’s interaction with a much larger technical stack. In a conventional workflow, analysts may need to move across multiple databases, sensor feeds, imagery systems, intelligence queries, and command platforms, often through specialized interfaces and structured search commands. In an LLM-enabled environment, much of that interaction can shift into natural language. Instead of manually navigating each layer, the analyst may ask the system to retrieve relevant information, filter it according to selected criteria, rank results by priority, and present the output in a more readable and operationally usable form.

Under that interpretation, the LLM’s role is less that of an autonomous actor and more that of an interface and acceleration layer between the human and a broader intelligence or command-support architecture. Its value lies in reducing friction, compressing decision time, and helping analysts work through much larger volumes of heterogeneous data than would otherwise be manageable. The analyst may still define the criteria, request the outputs, and make the formal judgment, but the AI increasingly structures how the information is surfaced, sorted, and understood.

This is where the ethical question sharpens. If the machine identifies candidate targets, ranks them, attaches explanations or coordinates, and compresses the time available for review, then it does not need to make the final decision in order to shape that decision materially. The human remains formally present, but the field of choice is increasingly pre-structured by the system. This is why the governance issue is no longer simply whether a human stays “in the loop,” but whether that person’s judgment remains meaningfully independent once the AI has already framed what seems most urgent, relevant, or actionable. DoD policy itself uses the broader phrase “appropriate levels of human judgment over the use of force,” which implicitly recognizes that a token human click is not the whole issue.

The most consequential power of the LLM may be not replacing judgment, but quietly arranging it.

The deeper uncertainties begin here: (i) If the AI suggests, ranks, filters, and explains the options, how much of the final human judgment is still genuinely independent? (ii) When does acceleration become substitution, even if the human still makes the final call? (iii) Can a human remain meaningfully “in the loop” if the loop itself is increasingly shaped by machine logic? (iv) Should governance focus less on final decision authority and more on how options are framed upstream? (v) If an analyst relies on AI to structure the field of choices, who is accountable for what was omitted or deprioritized?

How this becomes visible: procurement as public evidence

One of the most revealing aspects of this controversy is not only the technology itself, but how the public comes to know about it. In the defense world, departments issue calls, tenders, and procurement frameworks to industry, and firms respond either individually or in partnership. In other cases, the government contracts directly with specific technology firms, as it did with Anthropic and other frontier AI providers. Normally, much of this architecture remains outside public view, especially when the work sits inside classified systems, subcontracting chains, or sensitive operational environments.

That architecture matters because the most consequential uses of AI are often not visible at the level of the model alone. They sit inside larger procurement ecosystems involving prime contractors, platform providers, government customers, cloud environments, and sometimes classified technical stacks that the public cannot inspect directly. What emerges into view, therefore, is usually not a full picture of how the system works, but fragments: a contract dispute, a procurement notice, a public statement, a lawsuit, a leak, a company press release, or a rare journalistic account.

That is why this dispute matters beyond the immediate facts. The public usually does not see the internal red lines companies attempt to preserve, the exceptions governments refuse to accept, or the contractual terms that become the real battleground for AI governance. In this case, visibility exists only because a disagreement spilled into public statements, litigation, and press reporting. The resulting picture is incomplete, but it is unusually valuable precisely because this is not how most AI-state relationships become visible.

This creates an odd condition of partial legibility. We know enough to see that frontier models are entering high-stakes state systems in operationally meaningful ways. We do not know enough to fully evaluate the downstream consequences of those deployments. That gap between partial visibility and incomplete understanding is itself a core feature of the current moment. What we know here is limited, but we know it only because the relationship broke open.

In frontier AI, procurement disputes may reveal more about real-world use than product demos ever will.

This limited visibility leaves pressing questions: (i) If the public learns about high-stakes AI only through litigation and leaks, can democratic oversight ever be adequate? (ii) Are procurement documents becoming the real public record of AI governance in sensitive domains? (iii) How much of AI deployment risk is hidden not in the model itself, but in the contractual architecture around it? (iv) Should governments be required to disclose more about how general-purpose AI is being integrated into public systems? (v) If visibility depends on disputes, what remains invisible when everyone agrees behind closed doors?

Transparency in testing: what companies show and what remains uncertain

It would be wrong to say that frontier AI companies disclose nothing about how they test their systems. In fact, a notable degree of transparency now exists. Anthropic publishes system cards, a Transparency Hub, and periodic risk reports that describe testing methods, safeguards, risk thresholds, and selected evaluation results. Its recent materials discuss model assessments in areas such as biological and chemical misuse, prompt injection, agentic computer use, alignment-related behaviors, and broader catastrophic-risk categories under its Responsible Scaling Policy. OpenAI has also published system cards and described its Preparedness Framework, including model evaluations, red teaming, post-deployment monitoring, security controls, and risk categories such as cybersecurity, chemical and biological threats, persuasion, and autonomy. At the industry level, the Frontier Model Forum has also outlined shared practices for “Frontier Capability Assessments,” especially in CBRN, advanced cyber, and autonomous behaviors.

This matters because it shows that at least some of the benchmarks, test categories, and evaluation concepts used by the frontier AI industry are not hidden. There are now public documents describing how models are stress-tested, what kinds of misuse scenarios are simulated, what forms of red teaming are used, and how deployment standards are justified. Anthropic’s own materials, for example, discuss higher-difficulty harmful-request evaluations, ambiguous-context testing, prompt-injection resistance, agentic misuse, and even the limits of existing benchmark saturation when safer models begin to score near-perfectly on older tests. That kind of disclosure is imperfect, but it is real.

But this transparency has a limit, and that limit is central to your article. Publishing evaluations is not the same as proving safety in the real world. Many current benchmarks measure model capability under controlled conditions, refusal behavior in stylized scenarios, or resistance to crafted attacks in laboratory settings. Those tests are useful, but they do not automatically tell us how well a model predicts real-world impact once it is embedded inside institutional workflows, connected to tools, or used as a proxy for broader operational judgment. Even the Frontier Model Forum says assessment methods vary significantly in resource intensity and evidentiary strength, and that the science of these assessments is still rapidly evolving. A recent review on AI safety benchmarking makes the same point more directly: the field still struggles to connect benchmark performance to the world in a scientifically robust way.

That is the deeper problem. We increasingly have access to tests, benchmarks, system cards, and risk frameworks, but it is much less clear how these should be interpreted when models are being used as proxies for risk, judgment, or downstream impact. A model may perform well on cyber or CBRN refusal tests and still materially reshape how humans prioritize, escalate, or act inside complex institutions. In other words, the industry is getting better at showing how it tests models, but it is still much less certain how to test what really matters when those models become part of real-world systems. Transparency has improved; validity remains the harder question.

The AI industry is becoming more transparent about how it tests models, but still far less certain about whether those tests truly and accurately measure real-world risk.

What this transparency still leaves unresolved: (i) How much confidence should the public place in benchmark scores that may measure capability more easily than consequence? (ii) When companies publish safety evaluations, are they disclosing enough to enable independent scrutiny, or mainly enough to signal responsibility? (iii) Can controlled testing in cyber, CBRN, or agentic misuse ever fully capture how models behave once embedded in live institutional systems? (iv) If benchmarks are increasingly used as proxies for risk, who decides that those proxies are valid? (v) As models become more general-purpose and integrated, what would a truly real-world evaluation framework need to look like?

Escalation in simulation: what the research is really showing

One reason this debate cannot be dismissed as abstract is that researchers have already begun testing how large language models behave in simulated crisis and war-game environments, including nuclear scenarios. The results do not show that AI systems are ready to “launch nuclear war” in any real-world sense, but they do show something troubling: under certain structured conditions, several models escalated conflict more readily than many observers would expect, and in some studies more readily than human participants in comparable experiments. A 2024 study by J. P. Rivera and co-authors found that all five off-the-shelf LLMs they tested showed forms of escalation and unpredictable escalation patterns, with arms-race dynamics and, in rare cases, even nuclear deployment. A 2026 King’s College London study led by Kenneth Payne found that in a tournament of simulated nuclear crises, all games involved at least one instance of nuclear signalling and 95% involved mutual nuclear signalling, while full strategic nuclear war remained rarer.

What makes these findings important is not that they predict real-world launch behavior directly, but that they reveal something about machine reasoning under pressure. Payne’s study found that frontier models could engage in deception, credibility management, theory-of-mind reasoning, and deadline-driven escalation, while also appearing not to share a strong human-like nuclear taboo. SIPRI, summarizing the earlier research, notes that LLMs in fictional escalation scenarios often selected more escalatory options than human participants, raising concerns not only about model behavior but also about automation bias and overreliance when these systems are used as decision-support tools. The concern, then, is less that an LLM becomes a rogue commander and more that it becomes an increasingly influential participant in a decision chain where its recommendations may normalize or accelerate escalatory thinking.

At the same time, these studies have to be interpreted carefully. They are simulations, not real command systems. Their scenarios are stylized, and the outcomes may be sensitive to framing, objectives, time pressure, and game design. Payne explicitly states that the simulations are artificial and that the value of the exercise lies in understanding how models reason, where they resemble human strategic logic, and where they diverge from it. So the most defensible conclusion is not that AI is inherently more likely than humans to start nuclear war, but that existing research has already uncovered enough simulated escalatory behavior to make the use of LLMs in crisis decision-support a serious AI-safety and governance issue.

The real warning from various research is not that AI has proven it would start a nuclear war, but that it may reason about escalation in ways humans should not casually trust.

What this evidence still leaves unresolved: (i) How much of observed escalation comes from the model itself, and how much from the structure of the simulation around it? (ii) If models escalate more readily in stylized crises, what happens when they are embedded in real-world time pressure and institutional workflows? (iii) Are current safety evaluations capturing strategic-risk behavior well enough, or mostly measuring narrower misuse categories? (iv) Should models that show escalatory tendencies in simulation be barred from certain decision-support roles, even if they perform well elsewhere? (v) If the public hears that AI models escalate readily in war games, what level of assurance would be needed before any high-stakes deployment could be considered legitimate?

Closing of Part I: visible enough to matter, partial enough to trust imperfectly

Part I has tried to do something deliberately limited but necessary: to understand what is happening before deciding what should be done about it. The picture that emerges is neither one of total opacity nor one of clear accountability. These systems are not fully hidden. We can see them through disputes, procurement pathways, corporate testing disclosures, and early external research. But neither are they fully legible. Much of what matters most still sits in the space between documented use, plausible inference, and institutional secrecy.

That ambiguity is itself part of the problem. The systems are already here. Some of their behavior is visible. Some of it is tested. Some of it is troubling. Yet the evidence already suggests that the risks cannot be reduced to a simple human-versus-machine binary. The more important question is not whether humans remain somewhere in the chain, but how their judgment is being shaped, accelerated, and conditioned by the systems around them.

That is where Part II begins. If Part I maps the terrain of deployment, workflow, visibility, and emerging evidence, Part II turns to consequence. It asks what these systems do to human confidence, dependence, bias, legitimacy, and rule-setting — and who, if anyone, has the authority to define the limits before deployment outruns governance.

The systems are already present, partly observable, and complex enough that the real challenge now lies not only in seeing them, but in deciding how they should govern and be governed.

What this first mapping now leads us toward: (i) If the systems are visible enough to raise concern but not transparent enough to fully evaluate, what kind of oversight is actually possible? (ii) If testing, procurement, and simulation each reveal only fragments, how should those fragments be combined into a meaningful picture of risk? (iii) If the human-versus-machine framing is already too simple, what new language is needed to describe how judgment is actually being shaped? (iv) At what point does a diagnostic picture of deployment become a political question about legitimacy and control? (v) If Part I shows that the systems are already here, what does Part II need to explain about how society should live with them?

The central insight of Part I is that the real governance problem does not begin only when humans disappear from the system altogether. It begins earlier, and more quietly, when human judgment remains formally present but is increasingly arranged, accelerated, and conditioned by the systems around it. What this first part reveals is that frontier AI is no longer a hypothetical future layered on top of institutions from the outside; it is already entering consequential workflows in ways that are partly visible, partly tested, and already complex enough to unsettle the old human-versus-machine framing. The deeper shift, then, is not simply from human decision to machine decision, but from visible human judgment to machine-shaped judgment that still appears human on the surface.


At OHK, we help clients turn AI complexity into practical strategy. Our AI advisory work combines governance, implementation planning, market insight, and organizational readiness to support better decisions on adoption, risk, and long-term value. We connect AI capability, business use, infrastructure, governance, and public trust into one clear framework so clients can move beyond hype, vendor narratives, and reactive decision-making. Whether the issue is AI strategy, deployment, governance, or digital transformation, our aim is the same: clearer judgment, stronger frameworks, and better long-term outcomes. Contact us to learn how OHK’s AI advisory capabilities can support your next phase of decision-making and transformation.



 

OHK | MOSAIC | CONTACT US
Objective-Driven, Human Capital, Passion for Knowledge Accessibility
© 2026 OHK Consultants, including artwork, photos, videos. Logos belong to respective organizations.