The Pentagon Bets on 19-Person Startups to Guard Its Secrets with AI
In March 2026, the U.S. Department of Defense made a decision that shook the U.S. artificial intelligence market with less fanfare than any wartime headline: it barred Anthropic, its preferred AI provider, after the company demanded assurances that its models would not be used for domestic surveillance or autonomous weapons systems. The Pentagon responded by blocking Anthropic from all federal contracts. Anthropic sued. A judge temporarily suspended the ban in March. And while lawyers litigate, the Department of Defense discovered something more uncomfortable than the conflict itself: it had built its AI strategy on a single supplier, which posed an unacceptable supply chain risk.
That gap will not be filled by the usual tech giants. Instead, it is being filled by companies that most private sector executives have never even heard of.
A $2 Billion Market Operating in Silence
Nicolas Chaillan, founder of Ask Sage, a platform used by thousands of teams within the Department of Defense, estimates the market for AI infrastructure for defense and intelligence agencies at approximately $2 billion. This figure is not eye-catching compared to valuations of major language models, but its logic is different: this market does not reward the creator of the most powerful model but rather the one who solves problems that larger models cannot address alone.
The issue is structural. Large-scale language models learn from the data they operate on. If that data includes classified intelligence, the risk of leaking is not theoretical; it is a direct consequence of the architecture. The startups winning contracts from the Pentagon are not competing with OpenAI or Google in model capability; they are building the layer that enables any model to operate on sensitive information without absorbing it. This is the difference between giving an external contractor access to all your files or only providing the documents they need to complete a specific task.
This distinction, while seemingly technical, has direct economic consequences. Ask Sage generates approximately 65% of its revenue from the Department of Defense, which makes it a specialist company with a concentrated but highly valuable customer base. Arize AI, focused on monitoring and auditing AI flows, has raised over $130 million since its founding in 2020. Smack Technologies, based in El Segundo, California, operates with 19 people and has started receiving military interest that it did not anticipate six months ago.
What these figures reveal is not the size of the companies but the speed at which the Pentagon is willing to move when it feels urgency.
The Architecture That Nobody Sees but Everyone Needs
To understand why these startups are hard to replace, one must grasp how the infrastructure they build is organized. It is not a single product; it is a chain of specialized layers where each link solves a distinct problem.
At the base operates a company like Unstructured, whose role is to prepare data: cleaning, converting, and structuring internal files, from handwritten field notes to proprietary classified government formats, so they can be queried within secure databases without exposure to the outside. Its founder describes it with a precise image: "we take in all that data from the world, convert it to book format, and take it to the library." Without that layer, no model can operate on sensitive information securely.
At the intermediate level, Arize AI monitors retrieval-augmented generation (RAG) information flows and the AI agents built upon them. Its CEO stated bluntly: "controlling these systems is hard, and ensuring they do the right thing is one of the most critical parts of the process. I wouldn’t deploy AI without using one of my products or my competitors’." That statement is not arrogance; it's an honest description of a real operational risk.
At the top layer, Ask Sage provides the interface where users query approved business models and retrieve answers from restricted data, without the model "learning" classified information in the process. This architecture, when functioning well, is invisible to the end user. When it fails, it can turn into a diplomatic or national security incident.
The Pentagon launched its own internal platform in December 2025, GenAI.mil, reaching over one million unique users after Secretary of Defense Pete Hegseth ordered its widespread adoption. The problem is that GenAI.mil, in its current architecture, cannot perform RAG operations on classified databases outside the platform. Ask Sage, Palantir, and Scale AI can. That technical gap is, in commercial terms, the contract that has yet to be signed.
When Bureaucratic Risk Becomes Competitive Advantage
There’s one data point in this landscape that deserves sustained attention because it reveals how technology acquisition in the defense sector truly operates when there’s political pressure: EdgeRunner AI reported that the military indicated it could receive IL-6 security designation, enabling it to access secret and top-secret data, in three months, compared to the historical standard of 18 months or more.
That shift is not a minor administrative adjustment. It signals that the Pentagon is willing to dramatically compress its own certification cycles when dependency on a single supplier is exposed as a strategic vulnerability. For the startups operating in this space, this change transforms their value proposition. Previously, the certification time was a barrier protecting established players. Now, the speed of certification becomes a differential asset.
Tyler Sweatt, CEO of Second Front, a company that helps tech firms meet Pentagon network security requirements, confirmed this unequivocally: "we have seen massive demand increases from clients and government to deploy AI solutions since Anthropic was declared a supply chain risk." Andrew Markoff, co-founder of Smack Technologies, described the tone of recent military conversations as: "we want more, we want demonstrations, let’s talk about how we can move faster."
The dynamic emerging from these testimonies has a financial implication that goes beyond the immediate government contract: a defense contract certifies to the private market that a company can handle sensitive information. For a 19-person startup seeking corporate clients in regulated sectors such as banking, healthcare, or energy, that stamp serves as a technical solvency guarantee that no marketing campaign could buy.
The Model That Survives When Venture Capital Runs Dry
The dominant narrative around AI startups is built on funding rounds, valuations, and capital burn. The architecture these companies have developed suggests a different, more resilient logic.
These companies are not competing to have the most powerful language model in the market, a race requiring billions in computing and infrastructure. They build the integration layer that allows any model, be it OpenAI’s, Google’s, or whatever comes next, to operate in environments where it currently cannot enter. Their position does not hinge on winning the model capability race; it depends on being indispensable at the moment that capability needs to be deployed under extreme security conditions.
That position has a characteristic that investors often underestimate: the world’s most demanding customer, with the highest security standards and the longest contracts, is actively seeking to diversify its suppliers. For a startup with variable cost architecture and contracts requiring upfront payment for certification, that is not a fast-growth opportunity. It is the foundation of a business that can survive without relying on the next funding round.
The founder of Unstructured identified GenAI.mil not as a threat but as a demand accelerator: "with GenAI.mil making these models more accessible, that is going to unlock a lot of demand for what we build." The Pentagon’s platform, by familiarizing more than a million users with unclassified AI capabilities, creates internal pressure justifying investment in classified infrastructure. It’s a network effect that requires no additional marketing dollars.
Any executive evaluating these moves from the private sector should arrive at a concrete operational conclusion: money as an end in itself builds fragile dependencies, as the Pentagon demonstrated by betting everything on one supplier. Money as fuel to solve the hardest customer problem builds positions that competitors cannot copy in 18 months, or three.
