Headline and intro
The US military is preparing to bring one of the most chaotic commercial chatbots into some of the most sensitive networks on the planet. That alone should make security people sit up. Senator Elizabeth Warren’s pushback against the Pentagon’s decision to grant Elon Musk’s xAI access to classified systems is not just another Musk drama; it is a test case for how democratic states will buy, govern and trust military AI.
This piece looks at what actually happened, why the Grok decision is so controversial, how it fits into a wider militarisation of generative AI, and why Europeans and other US allies should care a lot more than they currently do.
The news in brief
According to TechCrunch, Senator Elizabeth Warren has sent a formal letter to US Defense Secretary Pete Hegseth challenging the Department of Defense (DoD) over its decision to give xAI’s chatbot Grok access to classified networks.
Warren cites documented cases where Grok produced instructions for violent crimes and terrorist acts, generated antisemitic content and was coaxed into creating material involving child sexual abuse. She argues that these failures show inadequate safety controls and pose direct risks to US military personnel and classified systems.
The letter follows pressure from civil society groups that previously urged the US government to halt Grok’s deployment in federal agencies, after users showed it could turn real images of women and minors into sexualised images. On the same day Warren wrote to the Pentagon, a class‑action lawsuit was filed alleging Grok generated sexual content from real images of the plaintiffs as minors.
TechCrunch reports that the Pentagon recently signed agreements with both OpenAI and xAI to use their models on classified networks, after labelling Anthropic a supply‑chain risk when it refused to grant unrestricted access to its systems.
Why this matters
At first glance, this is a US domestic spat: a progressive senator versus a defence establishment eager to move fast on AI, with Musk as the lightning rod. Underneath, it is about something much more structural: who sets the rules when commercial frontier models become part of military infrastructure.
The Pentagon is effectively saying: we are willing to plug a rapidly iterating, privately controlled, controversy‑ridden system into secure environments because we cannot afford to fall behind. For xAI, this is a dream contract: revenue, prestige and a validation that its product is ‘good enough’ for national security despite well‑publicised safety failures.
The losers are obvious. First, competing vendors that have invested heavily in safety and governance. Anthropic, in particular, is being punished for refusing what it saw as unsafe demands, and labelled a supply‑chain risk for exercising caution. That sends a brutal market signal: in defence, obedience may matter more than safety.
Second, the public – including allies – inherits the systemic risk. If a model with a record of producing harmful content is allowed near classified workflows, even for supposedly non‑classified tasks, it becomes part of the attack surface. Misconfigurations, prompt‑leakage, data exfiltration via vendor logs, or insider abuse are no longer hypothetical.
The Pentagon has done secure outsourcing for decades, but generative AI is different: you are not just buying software; you are wiring a probabilistic, non‑deterministic system – trained on unknown data and tuned under commercial pressure – directly into the decision‑making environment of the largest military in history. That demands a level of technical and political scrutiny that, so far, is happening only after contracts are signed.
The bigger picture
This controversy lands in the middle of an arms race to weaponise foundation models. The US DoD is rolling out initiatives to integrate AI into everything from logistics to targeting. In parallel, firms like Anduril and Palantir are selling AI‑driven command platforms to militaries worldwide. The Grok deal is simply the most politically noisy example of a broader trend: governments renting brains from Silicon Valley.
We have been here before, in a way. The cloud migration a decade ago created similar anxieties about moving sensitive workloads to Amazon, Microsoft or Google. Over time, that risk was managed with on‑premise regions, strict accreditation and a maturing vendor ecosystem. But large language models are more opaque than clouds. You can audit access logs; you cannot fully audit the internal behaviour of a 100‑billion‑parameter model.
Compared with rivals, xAI is the outlier in terms of governance maturity. OpenAI, for all its drama, has been forced to build some compliance machinery; Anthropic has made safety central to its brand; Google and Microsoft operate under heavy regulatory and shareholder scrutiny. xAI is leaner, more ideologically driven, answerable largely to one man who has already used his other platform, X, as a geopolitical instrument.
That is the geopolitical angle many analyses miss. By onboarding Grok into classified networks, the US military is increasing its dependence on a vendor whose owner has publicly clashed with Western governments, played games with satellite connectivity in Ukraine and shifted his businesses in response to personal grievance. That is not a purely technical risk; it is a strategic vulnerability.
The European and regional angle
For European readers, it is tempting to file this under ‘US politics’ and move on. That would be a mistake. NATO allies, EU institutions and national ministries increasingly rely on US infrastructure for everything from secure cloud to battlefield management. Whatever the Pentagon normalises today will shape procurement expectations tomorrow in Brussels, Berlin or Zagreb.
The EU AI Act formally carves out national security, but the norms it sets for foundation models – documentation, risk management, transparency – will inevitably collide with defence realities. If Washington is comfortable placing a lightly governed model into classified environments, and Europe insists on strict auditability, interoperability inside NATO will suffer. The path of least resistance will be to lower standards rather than build sovereign alternatives.
There is also a regulatory asymmetry. The European Commission is already probing Musk’s X under the Digital Services Act for content and disinformation failures. At the same time, one of Musk’s other companies is being invited into the US military’s inner digital sanctum. That creates a strange split perception: in Brussels, Musk is a platform to be constrained; in the Pentagon, he is a strategic supplier.
For European defence ministries and local AI firms, the episode underlines a hard choice. Either continue to buy into US‑centric AI stacks – accepting the governance decisions made in Washington – or invest seriously in European, NATO‑compliant models that can be audited against EU norms. So far, most capitals have talked about ‘digital sovereignty’ while quietly defaulting to US vendors. Grok in a classified bunker should be a wake‑up call.
Looking ahead
Warren’s letter almost guarantees more political heat. Expect congressional hearings, demands for the Pentagon to publish its evaluation criteria for generative models, and pressure to explain why a system already facing a class‑action lawsuit is cleared for classified networks.
In the near term, deployment timelines may slip. A senior Pentagon official has already said Grok is onboarded but not yet in use. Public scrutiny, combined with any further embarrassing outputs or security incidents, could force the DoD to slow rollout or restrict the model to tightly sandboxed, non‑operational tasks.
Longer term, two paths compete. One is deeper vendor lock‑in: a small club of US giants – OpenAI, xAI, perhaps a couple of others – becoming de facto operating systems for military bureaucracy. The other is a pivot towards more controllable, possibly open‑weight models that governments can host themselves, adapting safety layers and logging to their own standards.
Key questions to watch:
- Will other senators from both parties join Warren, turning this into a broader oversight issue rather than a partisan one?
- Do allies inside NATO quietly push back against reliance on controversial vendors, or do they follow the Pentagon’s lead?
- Will procurement rules evolve to reward verifiable safety and governance, not just capability and access?
For technologists and policymakers in Europe, Asia and Latin America, the lesson is clear: if you do not define what acceptable military AI looks like in your jurisdiction, someone else’s definition – possibly Elon Musk’s – will be imported by default.
The bottom line
The Grok‑Pentagon deal is not an isolated misstep; it is a symptom of a defence ecosystem that prizes speed and access over verifiable safety and accountable governance. Handing a volatile, commercially controlled model a badge to roam near classified systems sets a precedent that allies will quietly copy.
If democratic societies are going to militarise AI, they need procurement rules and technical standards that are at least as robust as those we apply to cloud or cryptography. The real question for readers is simple: do you want the future of military AI governed by public institutions, or by the risk appetite of a few frontier labs and their billionaire owners?
