Dragos Chief Says He Won’t Stop Using Anthropic Unless Ordered - Bloomberg.com

Robert Lee is not making a political statement. He is reading a statute.

The CEO of Dragos, an industrial cybersecurity firm specializing in protecting critical infrastructure from state-sponsored threats, told Bloomberg on March 23 that Dragos will not stop using products from Anthropic, the AI safety company behind Claude, unless the government formally orders it to. Lee said he does not know all the details of what took place ahead of the Pentagon's supply chain risk designation, but the company's position is clear: absent a direct legal instruction, it's not going anywhere.

That sounds like defiance. It's actually closer to precision.

The designation that set off this whole contractor panic arrived — improbably — via a post on X from Defense Secretary Pete Hegseth on Feb. 27, followed by a two-page letter that reached Anthropic formally on March 3. What the letter invoked was the Department of Defense's authority under 10 U.S.C. § 3252 — a statute governing national security systems procurement within covered defense contracts. Mayer Brown, the law firm, read the relevant DFARS clauses carefully and found something important: they "apply only to the performance of covered defense contracts. They do not prohibit a contractor from having commercial business relationships with Anthropic or using Anthropic products outside of their defense work." No FAR clause. No compliance deadline. No SAM.gov representation requirement.

Lee is reading the same thing. The designation, legally, only restricts what contractors can do while performing specific covered defense contracts. It does not reach their broader commercial operations.

What makes Lee's position worth paying attention to isn't just the legal reasoning — it's who he is. Before founding Dragos, he was a U.S. Air Force Cyber Warfare Operations Officer assigned to the NSA and built the Air Force's first industrial control system threat monitoring capability. He currently serves as a lieutenant colonel in the Army National Guard, specializing in OT cyber response. He has testified before Congress on ICS threats. He is not a tech CEO waving a protest flag. He's someone who has spent a career inside the national security apparatus and is now saying: the legal authority claimed here does not actually cover what they're claiming it covers.

The contrast with the rest of the industry is stark. Lockheed Martin moved quickly to signal compliance after the designation, telling Reuters it would "follow the president's and the Department of War's direction" and expected minimal impact. General Dynamics, RTX, the parent company of Raytheon Technologies, and L3Harris all declined to comment. For companies with trillion-dollar defense contract exposure, the political calculus is simple: regardless of what the statute actually says, being seen as on the wrong side of a Trump administration preference is expensive. Franklin Turner, a government contracts attorney quoted by Reuters, was blunt about it: "The threat is the point."

Dragos operates in a different corner of the contractor world. Through Dragos Public Sector LLC, launched in October 2024, the company serves U.S. federal agencies — but its core product is OT/ICS security for industrial infrastructure, not the kind of large-scale defense procurement that puts a company in the direct line of DFARS clause exposure. The statutory authority invoked against Anthropic may simply not reach most of what Dragos does commercially.

The Government Contracts Law Blog made this point with some clarity shortly after the designation: "The noise level of this situation is not proportional to the regulatory clarity it has produced... What exists—as of this writing—is a contested social media post, a two-page letter, and a lawsuit that could produce a preliminary injunction within days."

The timeline of how we got here makes the Dragos stance look even more reasonable in retrospect. According to a comprehensive timeline from Tech Policy Press, Claude was reportedly being used in ongoing U.S. operations against Iran even as the designation was being issued. Then there is the detail documented in the sworn declaration of Sarah Heck, Anthropic's Head of Policy, filed in Anthropic PBC v. U.S. Department of War (N.D. Cal. 3:26-cv-01996) and reported by TechCrunch: on March 4, the day after the designation was formally memorialized, Under Secretary of Defense for Acquisition and Sustainment Emil Michael emailed Anthropic CEO Dario Amodei to say the two sides were "very close" on the two contested issues — autonomous weapons use and mass surveillance. The government, at the exact moment contractors were being told to purge Anthropic, was privately saying the whole thing might be resolved in days.

CNBC noted the larger incoherence: Anthropic holds a $200 million DoD contract under which Claude became the first frontier AI approved for classified government networks. Retired Navy rear admiral Mark Dalton, who leads technology and cybersecurity policy at the R Street Institute in Washington, D.C., put the contradiction plainly: "I don't know how those two things can both be true in reality. Something is so necessary that you need to invoke DPA and so harmful that you put a designation on it that's reserved for foreign adversaries."

Anthropic has filed two federal lawsuits challenging the designation, with a preliminary injunction hearing scheduled before Judge Rita Lin in San Francisco on March 24. If Lin grants the injunction, contractors who quietly purged their Anthropic tooling will have done so in response to a designation that a federal court found was likely unlawfully issued.

There's also an industry-specific undercurrent worth noting. Help Net Security published an analysis in March examining how the cybersecurity world has processed the Anthropic saga. Anthropic's RSP 3.0, released on Feb. 24 — in the middle of the Pentagon standoff — shifted its safety commitments from absolute to relative: rather than promising not to train toward certain capabilities, it now promises only to match whatever competitors are doing. For a firm like Dragos, which is in the OT security space and competes adjacent to the market disruption Claude Code Security is causing, the relationship with Anthropic is genuinely complicated. The AI vendor is also, in a sense, a competitive pressure. That Dragos is still holding the relationship says something about how valuable it must be operationally.

The real fork in the contractor industry right now is not between companies that support Anthropic and companies that don't. It's between companies managing political risk and companies managing legal risk. Lee is in the second camp. Whether that turns out to be the right call may become clearer by the end of March 24.

type0 previously covered the legal strategy in Anthropic's lawsuit in story_3585 and Senator Elizabeth Warren's response to the designation in story_3485.