The AI company filed two federal lawsuits on Monday, arguing the Trump administration’s ‘supply chain risk’ designation is unconstitutional retaliation for protected speech.

There is a phrase in Anthropic’s court filing that sets the tone for everything that follows: “Anthropic turns to the judiciary as a last resort to vindicate its rights and halt the Executive’s unlawful campaign of retaliation.” It is the language of a company that believes it is not simply fighting a contract dispute, but a constitutional one.

On Monday, the San Francisco-based AI company filed two federal lawsuits against the Trump administration, targeting the Pentagon’s decision last week to formally designate Anthropic a “supply chain risk to national security”, a label that has historically been reserved for companies tied to foreign adversaries such as China and Russia.

It is believed to be the first time the designation has been applied to an American company.

The first lawsuit was filed in the US District Court for the Northern District of California. It asks a judge to vacate the designation and grant an immediate stay while the case proceeds. A second, shorter suit was filed in the US Court of Appeals for the District of Columbia Circuit, targeting a separate statute the government invoked that can only be challenged in that jurisdiction.

Both cases make substantially the same argument: that the administration acted unlawfully, without proper statutory authority, and in violation of Anthropic’s First Amendment rights.

More than a dozen federal agencies are named as defendants, including the Department of Defence, the Treasury, the State Department, and the General Services Administration.

The legal action is the culmination of a two-week standoff that escalated with unusual speed into one of the more remarkable confrontations between a technology company and the US government in recent memory.

The dispute centres on two conditions Anthropic has insisted on in its contracts with the Pentagon: that its Claude AI system not be used for mass domestic surveillance of American citizens, and that it not be used to power fully autonomous weapons, systems capable of targeting and firing without human authorisation.

The Pentagon, which has been using Claude on classified networks since the company became the first AI lab to achieve that clearance, demanded that any renewed contract drop these restrictions and grant the military use of Claude for “all lawful purposes.” Anthropic refused.

What followed was a sequence of events that proceeded with striking speed. On 27 February, President Trump posted on Truth Social calling Anthropic a “radical left, woke company” and directing every federal agency to “immediately cease” all use of its technology.

Within hours, Defence Secretary Pete Hegseth announced on X that he was designating Anthropic a supply chain risk, meaning no contractor, supplier, or partner doing business with the US military could conduct any commercial activity with the company. The formal letter confirming the designation arrived on 3 March, five days after the deadline Anthropic had been given to agree to the Pentagon’s terms.

The practical scope of the designation turned out to be narrower than Hegseth’s initial announcement implied. Anthropic CEO Dario Amodei said in a statement last Thursday that the relevant statute limits the designation’s reach to the direct use of Claude in Pentagon contracts, it cannot, Amodei argued, be used to sever all commercial relationships between defence contractors and the company. 

Microsoft, Google, and Amazon all reviewed the designation and reached the same conclusion, issuing statements confirming that Claude would remain available to their customers for work unrelated to defence contracts. Hegseth had explicitly said the opposite in his original post.

The economic stakes are nonetheless substantial. In declarations accompanying Monday’s filings, Anthropic executives laid out the damage in granular terms. Chief Financial Officer Krishna Rao warned the court that if the designation were allowed to stand and customers took a broad reading of its scope, it could reduce Anthropic’s 2026 revenue by “multiple billions of dollars”, an impact he described as “almost impossible to reverse.”

Chief Commercial Officer Paul Smith cited a specific example: one partner with a multi-million-dollar annual contract had already switched to a rival AI model, eliminating an anticipated revenue pipeline of more than $100 million; negotiations with financial institutions worth roughly $180 million combined had also been disrupted.

The complaint itself makes two distinct legal arguments. The first is a First Amendment claim: that the administration’s actions punish Anthropic for its public advocacy around AI safety, its position on autonomous weapons and domestic surveillance, which constitutes protected speech.

“The Constitution does not allow the government to wield its enormous power to punish a company for its protected speech,” the filing states. The second argument challenges the statutory basis of the designation, invoking 10 USC 3252, the procurement law the Pentagon relied upon. Anthropic argues the statute requires the government to use “the least restrictive means” to protect the supply chain, not deploy it as a punitive instrument against a domestic company over a policy disagreement.

The Pentagon’s position is that the dispute is fundamentally about operational control rather than speech. Pentagon officials have argued that a private contractor cannot insert itself into the chain of command by restricting the lawful use of a critical capability, and that the military must retain full discretion over how it deploys technology in national security scenarios.

In an indication that the designation was not straightforwardly about security, a Pentagon official was quoted in Anthropic’s court filing as saying the government intended to “make sure they pay a price” for the company’s refusal, language Anthropic’s lawyers have flagged as evidence of improper motivation.

The case has drawn an unusual show of solidarity from Anthropic’s direct competitors. A group of 37 researchers and engineers from OpenAI and Google DeepMind, including Google’s chief scientist Jeff Dean, who signed in a personal capacity, filed an amicus brief on Monday supporting the lawsuit. 

The brief argues that the designation “chills professional debate” about AI risks and undermines American competitiveness. “By silencing one lab,” the researchers wrote, “the government reduces the industry’s potential to innovate solutions.” The filing is notable given that OpenAI struck a new deal with the Pentagon within hours of the Trump administration’s order,  a move that drew sharp criticism from OpenAI employees and that Altman later acknowledged looked “sloppy and opportunistic.”

Legal observers have been sceptical that the designation will survive judicial scrutiny. Paul Scharre, a former Army Ranger and now executive vice president of the Center for a New American Security, told Breaking Defense that Hegseth’s initial characterisation of the ban simply exceeded what the supply chain risk statute permits,  and that even the narrower formal designation would likely struggle in court, given the law’s requirement for the least restrictive means. Procurement laws passed by Congress, Anthropic argues in its filings, do not give the Pentagon or the president authority to blacklist a company over a policy disagreement.

A first hearing could take place in San Francisco as early as this Friday, according to reports. Anthropic has asked for a temporary order that would allow it to continue working with military contractors while the legal case unfolds. The DoD said it does not comment on litigation.

Among the contradictions the complaint highlights: the military reportedly continued to use Claude during active combat operations in Iran, after the ban had been announced. A six-month phaseout was also ordered simultaneously with an immediate prohibition. And the company retains active FedRAMP authorisation and facility and personnel security clearances that would ordinarily be incompatible with a national security risk finding. None of these inconsistencies have been publicly addressed by the government.

Whatever the court decides, the case has already set a precedent of a different kind: a major AI company, backed by researchers at its own rivals, publicly litigating the government’s right to weaponise procurement law against a domestic company for taking a public stance on how its technology should and should not be used. The outcome could determine, as Anthropic’s complaint puts it, whether any American company can “negotiate with the government” without risking its existence.

• US households contribute monthly fees while platforms still impose substantial network infrastructure burdens
• Broadband cost recovery does not reflect actual traffic or usage patterns
• Heavy users in the electricity and airline sectors pay proportionally for demand

Broadband networks in the United States operate under a cost model that does not align with actual usage – as households generate substantial revenue for major internet platforms while also contributing to the Universal Service Fund, which supports rural connectivity, schools, libraries, and healthcare facilities.

A typical US broadband household contributes roughly $9 per month to this fund, yet the largest traffic generators impose substantial infrastructure burdens without proportional contributions.

Nvidia has just announced DLSS 4.5. The update brings new AI-powered graphics technology, and the improvements offer a noticeable impact on how modern PC games look and perform. It was revealed alongside other RTX announcements during GDC 2026, focusing on boosting both visual quality and frame rates in demanding titles.

DLSS (Deep Learning Super Sampling) has become a big part of Nvidia’s gaming ecosystem. It uses AI models running on RTX GPUs to reconstruct higher-resolution images and generate additional frames that allow games to run more smoothly without sacrificing visual fidelity. With DLSS 4.5, the technology is getting even better.

Smarter frame generation with DLSS 4.5

One of the notable new additions in DLSS 4.5 is Dynamic Multi Frame Generation, which automatically adjusts how many AI-generated frames are created during gameplay. Rather than sticking to a fixed multiplier, the system dynamically tweaks frame generation in real time to hit the target refresh rate. This approach lets compatible GPUs maintain smoother performance during demanding scenes while avoiding unnecessary frame generation when workloads drop.

DLSS 4.5 also introduces the 6X Multi Frame Generation, which can generate up to five additional frames for every traditionally rendered frame. The result is significantly smoother gameplay, particularly in high-fidelity titles that use advanced rendering techniques like path tracing.

AI upgrades for sharper visuals

Aside from the performance improvements, DLSS 4.5 also upgrades Nvidia’s Super Resolution technology using a second-generation transformer AI model. It is designed to improve image clarity by reducing artifacts such as ghosting, shimmering, and jagged edges in motion-heavy scenes.

Coming to RTX 50 series GPUs soon

Nvidia has confirmed DLSS 4.5 features like Dynamic Multi Frame Generation and the 6X mode will roll out starting March 31 through the Nvidia app. It will first debut in GeForce RTX 50-series GPUs, and will be supported in around 20 games like 007 First Light and Control Resonant.

OpenAI launched Codex Security on March 6, entering the application security market that Anthropic had disrupted 14 days earlier with Claude Code Security. Both scanners use LLM reasoning instead of pattern matching. Both proved that traditional static application security testing (SAST) tools are structurally blind to entire vulnerability classes. The enterprise security stack is caught in the middle.

Anthropic and OpenAI independently released reasoning-based vulnerability scanners, and both found bug classes that pattern-matching SAST was never designed to detect. The competitive pressure between two labs with a combined private-market valuation exceeding $1.1 trillion means detection quality will improve faster than any single vendor can deliver alone.

Neither Claude Code Security nor Codex Security replaces your existing stack. Both tools change procurement math permanently. Right now, both are free to enterprise customers. The head-to-head comparison and seven actions below are what you need before the board of directors asks which scanner you are piloting and why.

How Anthropic and OpenAI reached the same conclusion from different architectures

Anthropic published its zero-day research on February 5 alongside the release of Claude Opus 4.6. Anthropic said Claude Opus 4.6 found more than 500 previously unknown high-severity vulnerabilities in production open-source codebases that had survived decades of expert review and millions of hours of fuzzing.

In the CGIF library, Claude discovered a heap buffer overflow by reasoning about the LZW compression algorithm, a flaw that coverage-guided fuzzing could not catch even with 100% code coverage. Anthropic shipped Claude Code Security as a limited research preview on February 20, available to Enterprise and Team customers, with free expedited access for open-source maintainers. Gabby Curtis, Anthropic’s communications lead, told VentureBeat in an exclusive interview that Anthropic built Claude Code Security to make defensive capabilities more widely available.

OpenAI’s numbers come from a different architecture and a wider scanning surface. Codex Security evolved from Aardvark, an internal tool powered by GPT-5 that entered private beta in 2025. During the Codex Security beta period, OpenAI’s agent scanned more than 1.2 million commits across external repositories, surfacing what OpenAI said were 792 critical findings and 10,561 high-severity findings. OpenAI reported vulnerabilities in OpenSSH, GnuTLS, GOGS, Thorium, libssh, PHP, and Chromium, resulting in 14 assigned CVEs. Codex Security’s false positive rates fell more than 50% across all repositories during beta, according to OpenAI. Over-reported severity dropped more than 90%.

Checkmarx Zero researchers demonstrated that moderately complicated vulnerabilities sometimes escaped Claude Code Security’s detection. Developers could trick the agent into ignoring vulnerable code. In a full production-grade codebase scan, Checkmarx Zero found that Claude identified eight vulnerabilities, but only two were true positives. If moderately complex obfuscation defeats the scanner, the detection ceiling is lower than the headline numbers suggest. Neither Anthropic nor OpenAI has submitted detection claims to an independent third-party audit. Security leaders should treat the reported numbers as indicative, not audited.

Merritt Baer, CSO at Enkrypt AI and former Deputy CISO at AWS, told VentureBeat that the competitive scanner race compresses the window for everyone. Baer advised security teams to prioritize patches based on exploitability in their runtime context rather than CVSS scores alone, shorten the window between discovery, triage, and patch, and maintain software bill of materials visibility so they know instantly where a vulnerable component runs.

Different methods, almost no overlap in the codebases they scanned, yet the same conclusion. Pattern-matching SAST has a ceiling, and LLM reasoning extends detection past it. When two competing labs distribute that capability at the same time, the dual-use math gets uncomfortable. Any financial institution or fintech running a commercial codebase should assume that if Claude Code Security and Codex Security can find these bugs, adversaries with API access can find them, too.

Baer put it bluntly: open-source vulnerabilities surfaced by reasoning models should be treated closer to zero-day class discoveries, not backlog items. The window between discovery and exploitation just compressed, and most vulnerability management programs are still triaging on CVSS alone.

What the vendor responses prove

Snyk, the developer security platform used by engineering teams to find and fix vulnerabilities in code and open-source dependencies, acknowledged the technical breakthrough but argued that finding vulnerabilities has never been the hard part. Fixing them at scale, across hundreds of repositories, without breaking anything. That is the bottleneck. Snyk pointed to research showing AI-generated code is 2.74 times more likely to introduce security vulnerabilities compared to human-written code, according to Veracode’s 2025 GenAI Code Security Report. The same models finding hundreds of zero-days also introduce new vulnerability classes when they write code.

Cycode CTO Ronen Slavin wrote that Claude Code Security represents a genuine technical advancement in static analysis, but that AI models are probabilistic by nature. Slavin argued that security teams need consistent, reproducible, audit-grade results, and that a scanning capability embedded in an IDE is useful but does not constitute infrastructure. Slavin’s position: SAST is one discipline within a much broader scope, and free scanning does not displace platforms that handle governance, pipeline integrity, and runtime behavior at enterprise scale.

“If code reasoning scanners from major AI labs are effectively free to enterprise customers, then static code scanning commoditizes overnight,” Baer told VentureBeat. Over the next 12 months, Baer expects the budget to move toward three areas.

1. Runtime and exploitability layers, including runtime protection and attack path analysis.

2. AI governance and model security, including guardrails, prompt injection defenses, and agent oversight.

3. Remediation automation. “The net effect is that AppSec spending probably doesn’t shrink, but the center of gravity shifts away from traditional SAST licenses and toward tooling that shortens remediation cycles,” Baer said.

Seven things to do before your next board meeting

1. Run both scanners against a representative codebase subset. Compare Claude Code Security and Codex Security findings against your existing SAST output. Start with a single representative repository, not your entire codebase. Both tools are in research preview with access constraints that make full-estate scanning premature. The delta is your blind spot inventory.

2. Build the governance framework before the pilot, not after. Baer told VentureBeat to treat either tool like a new data processor for the crown jewels, which is your source code. Baer’s governance model includes a formal data-processing agreement with clear statements on training exclusion, data retention, and subprocessor use, a segmented submission pipeline so only the repos you intend to scan are transmitted, and an internal classification policy that distinguishes code that can leave your boundary from code that cannot. In interviews with more than 40 CISOs, VentureBeat found that formal governance frameworks for reasoning-based scanning tools barely exist yet. Baer flagged derived IP as the blind spot most teams have not addressed. Can model providers retain embeddings or reasoning traces, and are those artifacts considered your intellectual property? The other gap is data residency for code, which historically was not regulated like customer data but increasingly falls under export control and national security review.

3. Map what neither tool covers. Software composition analysis. Container scanning. Infrastructure-as-code. DAST. Runtime detection and response. Claude Code Security and Codex Security operate at the code-reasoning layer. Your existing stack handles everything else. That stack’s pricing power is what shifted.

4. Quantify the dual-use exposure. Every zero-day Anthropic and OpenAI surfaced lives in an open-source project that enterprise applications depend on. Both labs are disclosing and patching responsibly, but the window between their discovery and your adoption of those patches is exactly where attackers operate. AI security startup AISLE independently discovered all 12 zero-day vulnerabilities in OpenSSL’s January 2026 security patch, including a stack buffer overflow (CVE-2025-15467) that is potentially remotely exploitable without valid key material. Fuzzers ran against OpenSSL for years and missed every one. Assume adversaries are running the same models against the same codebases.

5. Prepare the board comparison before they ask. Claude Code Security reasons about code contextually, traces data flows, and uses multi-stage self-verification. Codex Security builds a project-specific threat model before scanning and validates findings in sandboxed environments. Each tool is in research preview and requires human approval before any patch is applied. The board needs side-by-side analysis, not a single-vendor pitch. When the conversation turns to why your existing suite missed what Anthropic found, Baer offered framing that works at the board level. Pattern-matching SAST solved a different generation of problems, Baer told VentureBeat. It was designed to detect known anti-patterns. That capability still matters and still reduces risk. But reasoning models can evaluate multi-file logic, state transitions, and developer intent, which is where many modern bugs live. Baer’s board-ready summary: “We bought the right tools for the threats of the last decade; the technology just advanced.”

6. Track the competitive cycle. Both companies are heading toward IPOs, and enterprise security wins drive the growth narrative. When one scanner misses a blind spot, it lands on the other lab’s feature roadmap within weeks. Both labs ship model updates on monthly cycles. That cadence will outrun any single vendor’s release calendar. Baer said that running both is the right move: “Different models reason differently, and the delta between them can reveal bugs neither tool alone would consistently catch. In the short term, using both isn’t redundancy. It’s defense through diversity of reasoning systems.”

7. Set a 30-day pilot window. Before February 20, this test did not exist. Run Claude Code Security and Codex Security against the same codebase and let the delta drive the procurement conversation with empirical data instead of vendor marketing. Thirty days gives you that data.

Fourteen days separated Anthropic and OpenAI. The gap between the next releases will be shorter. Attackers are watching the same calendar.

• Google report shows attackers shifting to software flaws over weak credentials
• Vulnerabilities now account for 44.5% of cloud breaches, exploited within days
• Third-party SaaS integrations increasingly abused for data theft and access

To break into cloud environments, cybercriminals are relying less on weak credentials and more on third-party software vulnerabilities, new research from Google has found.

The Cloud Threat Horizons Report claims early in 2025 most compromises still relied on weak, or missing credentials. However, in the second half of the year, attackers increasingly started exploiting vulnerabilities in externally managed software.