Two positions. That’s what NSPM-11 created for AI vendors in the government market.
The memo, signed and covered in the regulation pillar on June 5, directs federal agencies to terminate contracts with AI vendors whose usage policies include restrictions that conflict with military operational requirements. Anthropic’s standard commercial Claude models restrict certain military and autonomous weapons applications. Under NSPM-11’s terms, that restriction creates termination exposure for any federal agency that built on Claude under a standard commercial agreement.
The Pentagon’s Maven Smart System is the most visible case. Per Breaking Defense, Maven used Claude as its primary LLM. The system is now evaluating replacements. OpenAI, Google, and xAI’s Grok are all reported as candidates, per Breaking Defense’s coverage of Pentagon AI vendor activity.
Unanswered Questions
- Does NSPM-11 include a formal waiver mechanism for classified applications, and if so, what criteria must vendors meet to qualify?
- What specific usage policy language triggers NSPM-11's contract termination requirement, and how close is standard commercial AI policy language to that line?
- What is the Maven Smart System replacement evaluation timeline, and which vendor will be selected?
That’s the confirmed story. Here’s where qualified language is required: there are reports, from secondary sources, not confirmed against the memo’s primary text, that the NSA secured a limited waiver allowing continued use of Anthropic’s Mythos model under specific conditions. If accurate, this is significant: it would mean NSPM-11 has a carve-out mechanism for classified applications, which changes the vendor landscape from a simple two-tier structure to something more conditional. But the waiver hasn’t been confirmed against the memo itself, and it should be treated as reported, not established, until a primary source confirms it.
What’s not in question: vendors whose policies don’t restrict military deployment are positioned for Maven and similar government AI contract opportunities. Vendors whose policies do include such restrictions face a structural choice.
The part nobody mentions in coverage of NSPM-11 is that this is a product design problem as much as a policy problem. Usage restrictions in AI vendor contracts aren’t accidental, they reflect deliberate safety commitments and liability management decisions. The vendors now being evaluated as Maven replacements have made different design choices about where to draw those lines. Whether those choices reflect genuine philosophical differences or just different commercial calculations depends on which vendor you’re asking.
Don’t treat NSPM-11 as purely a procurement story. For AI vendors with existing government accounts, this is an audit trigger: review your current government contract terms, identify which usage policy language would trigger termination exposure under NSPM-11’s requirements, and decide whether adjusting that language is viable given your other safety commitments and commercial contracts. Those are legal and policy decisions that require counsel, not just compliance review.
The Maven replacement timeline isn’t publicly confirmed. What’s clear is that a significant government AI contract is in play, and the vendor selection will establish a precedent for how NSPM-11’s requirements get applied in practice.