Trump AI Order Ends Biden Rules for War AI in 2026

President Trump just told America's spies and soldiers to put commercial AI on classified networks, and he buried a clause in the order that could quietly strip AI companies of the power to say no. The directive signed on June 5 is being sold as a modernization push, a way to drag the national security state into the age of frontier models. But the most consequential lines are not about speed. They are about who holds the off switch on the AI systems the military will soon depend on, and the answer the memo gives is unambiguous: not the vendors.

What Actually Happened

On June 5, Trump signed a National Security Presidential Memorandum, NSPM-11, on Artificial Intelligence in the National Security Enterprise. The directive orders the military and intelligence agencies to accelerate adoption of the most advanced AI systems, explicitly including both commercial and open-source models, and to field them on classified networks for mission use. The framing from the White House is that America's warfighters and intelligence professionals need frontier capability now, and that the bureaucracy has been too slow to deliver it.

The memorandum rescinds and replaces the Biden administration's NSM-25, which the White House fact sheet derided as an "outdated document" that "burdened American AI adoption with ideological mandates" and "fostered dangerous single-vendor dependencies." In its place, NSPM-11 mandates a multi-vendor approach to prevent single points of failure, updates the Department of War's guidance on autonomy in weapons systems to "keep pace with the frontier," and demands that fielded systems remain "robust, steerable, controllable" under the Constitutional chain of command.

The clause drawing the most attention is the control provision. NSPM-11 directs the national security enterprise to ensure, "through contractual clauses or other means, that no commercial entity or adversary possesses the capability to prevent use of, disable or degrade, or materially modify" an AI system that the military depends on, without federal knowledge and approval. Bloomberg reported the memo is aimed in part at resolving the ongoing feud between Anthropic and the Pentagon over usage restrictions, which gives the abstract language a very concrete target.

Why This Matters More Than People Think

The headline is "military adopts AI," but the real shift is a transfer of control from the companies that build frontier models to the government that fields them. Commercial AI labs have spent years building usage policies, safety guardrails, and the technical ability to throttle or cut off applications they deem dangerous or off-mission. NSPM-11 says that when those systems are deployed for national security, that off switch belongs to Washington, not the vendor. For the first time, a frontier lab may be contractually barred from enforcing its own acceptable-use policy on a customer.

This collides head-on with the safety architecture the leading labs have built. Anthropic in particular has positioned responsible-use enforcement as core to its identity, restricting certain surveillance and weapons applications even for government clients. The Pentagon feud Bloomberg references is exactly this tension: a lab insisting on the right to limit how its model is used, and a customer insisting that a tool it depends on in combat cannot be remotely constrained by a private company's ethics committee. NSPM-11 puts the full weight of the executive branch behind the customer's position.

The autonomy-in-weapons update is the other quiet earthquake. By directing the Department of War to revise its guidance to "keep pace with the frontier," the memo signals a loosening, or at least a modernization, of the rules governing how much decision-making can be delegated to machines in lethal systems. The previous framework emphasized direct human control. The new direction prioritizes not falling behind adversaries. That reframing, from caution-first to capability-first, will shape procurement, doctrine, and the design of weapons for years, and it does so with far less public debate than a change of this magnitude would normally attract.

The practical effect is already visible in how programs will be structured. Procurement officers now have a presidential mandate to write contracts that bar vendor-side controls, which means the negotiating leverage in every future defense AI deal shifts toward the government. A lab that once could dictate terms because it held a unique capability now bargains against an order that explicitly forbids single-vendor lock-in and vendor kill switches. The companies with the most differentiated models lose the most leverage, while integrators and cloud providers that bundle many models gain it, because the policy rewards breadth and interchangeability over any single best-in-class system.

The Competitive Landscape

The multi-vendor mandate reshuffles the defense AI market overnight. By explicitly forbidding single-vendor dependencies, NSPM-11 advantages an ecosystem of suppliers over any one dominant lab. That is good news for Palantir, which has built its business on integrating multiple models into defense workflows, and for Microsoft and Google, which can offer government-cloud-hosted access to a range of models. It is more complicated for the pure-play frontier labs like OpenAI and Anthropic, which now must compete on terms that deliberately prevent any of them from becoming irreplaceable.

Anthropic sits in the most awkward position. It has aggressively courted government work, standing up classified-environment offerings and national-security teams, yet its brand rests on the principle that it will refuse uses it considers harmful. NSPM-11's control clause is almost a direct challenge to that stance. The company must now decide whether to accept contracts that strip its ability to enforce usage limits, or to cede the most lucrative government deals to rivals less troubled by the question. OpenAI, Scale AI, and Palantir are all positioned to absorb whatever Anthropic declines.

The historical parallel is the second-sourcing doctrine of Cold War defense procurement. In the 1980s, the Pentagon refused to let a single company monopolize critical components like microprocessors, forcing chipmakers to license designs to competitors so the military would never be hostage to one supplier. NSPM-11 applies the same logic to intelligence itself. Frontier models are the new strategic component, and the government is determined not to repeat the dependency mistakes it made with single suppliers in everything from rocket engines to satellite launch, where one vendor's failure could ground an entire capability.

The order also reshapes the middle of the market, where companies like Scale AI and a wave of defense-tech startups operate. By privileging an ecosystem of interchangeable suppliers, NSPM-11 creates room for smaller specialized vendors to win mission-specific contracts that might otherwise have gone to a single dominant lab. Anduril, Palantir, and a roster of newer national-security AI firms stand to benefit from a procurement philosophy that treats model diversity as a security feature rather than an integration headache. The losers are the labs whose entire pitch was that their model is so far ahead that buyers should standardize on it alone.

Hidden Insight: The Kill-Switch Belongs to the State Now

The non-obvious story is that NSPM-11 quietly resolves one of the central unanswered questions of the AI era: when a private company builds a system more capable than anything a government can make itself, who ultimately controls it? For two years, the leading labs have operated as if the answer were "we do," embedding their values into usage policies and reserving the right to pull access. This memo is the first formal assertion by a major government that, for national-security deployments, the answer is "the state does." That precedent will echo far beyond the Pentagon.

Consider the incentive it creates. If a lab can be contractually forbidden from disabling a fielded system, then the lab's safety guarantees become unenforceable the moment the system enters classified use. The very mechanisms labs built to prevent misuse, remote monitoring, kill switches, and usage throttling, are precisely what NSPM-11 neutralizes. Critics argue this is the most dangerous part of the order: it takes the AI systems where the stakes are highest, lethal and intelligence applications, and removes the one external check the builders themselves designed. The risk is not that the government acts in bad faith but that no one outside it can intervene if something goes wrong.

There is a hard strategic logic on the other side, and it deserves a fair hearing. A military cannot depend on a weapon that a private company in San Francisco can switch off during a conflict over a policy disagreement, and an adversary that captured or coerced a vendor could otherwise disable American capabilities at the worst possible moment. From the warfighter's perspective, a kill switch held by anyone other than the chain of command is an unacceptable vulnerability. NSPM-11's drafters are solving a real problem, even if the solution concentrates control in ways that should unsettle anyone who has thought about how AI accidents happen.

That tension has no clean resolution, which is exactly why the memo is so consequential. Every safety regime for powerful technology eventually confronts the same trade-off between control and accountability, and NSPM-11 resolves it firmly in favor of operational control by the chain of command. Skeptics point out that history is full of cases where concentrating an off switch in one authority removed the friction that might have caught a catastrophic mistake, from nuclear near-misses to automated trading failures. The order bets that disciplined government control beats distributed private vetoes, and that bet will not be tested in a press release. It will be tested in a crisis.

The deepest implication is for the labs' moral positioning. Anthropic, OpenAI, and their peers have told the public that their internal safety processes are a real check on misuse. NSPM-11 reveals the limit of that promise: it holds right up until a government with enough leverage decides otherwise. The bear case for the entire "responsible AI" branding of the frontier labs is that it was always contingent on the labs retaining control, and this memo demonstrates how quickly that control can be contracted away when national security and a willing administration are on the other side of the table.

What to Watch Next

In the next 30 days, watch how Anthropic responds. The company's reaction to NSPM-11's control clause will be the clearest test yet of whether its safety commitments survive contact with the largest customer on earth. Watch also for the specific contractual language the Department of War and intelligence agencies draft, because "through contractual clauses or other means" is the kind of phrase whose real meaning lives in the fine print of procurement documents that will emerge over the coming weeks.

Watch the allied dimension as well. The United States rarely fields a capability this central without pressure to extend or restrict it across partners in the Five Eyes intelligence alliance and NATO. If Washington asserts that the state must hold the off switch on critical AI, allied governments will face the same question about the same American vendors, and the labs could find themselves negotiating control clauses with a dozen governments at once. How OpenAI and Anthropic handle that multiplication of demands will shape whether a single national-security precedent becomes a global norm for how frontier AI is governed.

Over 90 days, watch the revised autonomy-in-weapons guidance. The memo orders the Department of War to update it, and the substance of that revision, how much human control it preserves, what categories of autonomous engagement it permits, will be one of the most consequential AI policy documents of the decade. Watch for congressional pushback too, since a presidential memorandum can be challenged through appropriations and oversight, and a directive that loosens weapons-autonomy rules is the kind of thing that draws bipartisan scrutiny. Lawmakers who waved through earlier AI funding may balk once they read that the same order quietly rewrites the rules on machine autonomy in lethal systems, and hearings on that single clause could dominate the defense policy calendar.

Over 180 days, the question is whether NSPM-11 becomes a template beyond defense. If the principle that the government controls the off switch on critical AI takes hold in national security, it will not stay there. Expect the same logic to surface in debates over AI in critical infrastructure, healthcare, and finance, anywhere a private model becomes too important to be governed solely by its maker. The memo signed on June 5 may be remembered less as a Pentagon modernization order and more as the moment the state asserted that the most powerful AI systems are too important to leave under purely private control.

The labs spent two years insisting they held the off switch on their own models. This memo is the government telling them they do not.

---