Efthimia (Mariefaye) Bechrakis, Esq.
On March 26, 2026, a federal judge blocked the Pentagon from branding Anthropic a “supply chain risk.” The ruling does more than grant an early legal victory for Anthropic. It exposes a deeper structural shift in how the boundaries of military power are being negotiated at a moment when contemporary warfare is increasingly mediated by Artificial intelligence. For International Criminal Law (ICL), this shift raises a more fundamental question: who bears responsibility when the conditions under which force is exercised are shaped, not on the battlefield, but upstream, through privately designed systems?
Private Constraints and the Limits of State Control
At the center of the dispute was Anthropic’s refusal to deploy its model, Claude, beyond a set of defined “red lines” embedded within its safety framework. Those red lines prohibited Anthropic’s Claude from performing mass surveillance of Americans, and powering fully autonomous weapons without any human involvement. Anthropic treated these red lines as non-negotiable design features rather than adjustable policy preferences. When the U.S. Department of Defense sought to expand permissible use for “all lawful uses of the technology,” the company resisted, effectively asserting that private actors could impose binding constraints on military employment. The Pentagon reponsed by designating the company a “supply chain risk,” excluding it from defense procurement pipelines, a move now under judicial scrutiny.
The Privatization of War’s Constraints
The Anthropic dispute, followed by OpenAI’s entry into classified defense work under negotiated terms, reflects a broader transformation in the governance of warfare. Increasingly, the rules shaping the use of force are not derived primarily from treaties or customary international law, but from procurement decisions, contractual limitations, and internal safety architectures developed by private companies. In this emerging model, procurement agreements operate as de facto regulatory instruments, embedding operational constraints, or their absence, directly into AI systems used in military contexts. The result is a gradual displacement of collective legal governance by fragmented, bilateral arrangements between states and corporations.
For ICL, this evolution is significant. The ICL framework has traditionally focused on attributing individual criminal responsibility for unlawful acts. Yet when the conditions under which force is excercised are shaped upstream by private actors, responsibility becomes more diffuse, mediated across a chain of design, deployment, and decision making that complicates traditional modes of attribution.
Control Over Systems and the Exercise of Force
The divergence between Anthropic and OpenAI illustrates that control over AI systems increasingly translates into control over how military force is exercised. Where Anthropic attempted to impose its “red lines” on Claude’s use, OpenAI had initially indicated that it negotiated terms with the Department of Defense permitting use across defense contexts, subject to internal safety guardrails. Those guardrails, however, have recently shifted in both scope and content. OpenAI’s earlier policy contained a broad prohibition on “military and warfare” applications. In 2024, that prohibition was removed and replaced with a narrower, effects based framework. The revised policy permits certain defense related uses, including cybersecurity and logistics, while prohibiting specific harmful applications, including the development or use of weapons, systems intended to injure or kill, and large scale surveillance that violates legal or human rights standards. It also requires meaningful human oversight and compliance with applicable law. Following public backlash, OpenAI further clarified that its systems should not be used for autonomous weapons or to directly facilitate lethal targeting.
This progression suggests that such guardrails are not fixed limitations, but evolving commitments subject to revision. As a result, the operational boundaries governing AI-enabled force increasingly depend on corporate policy choices rather than stable legal rules.
AI in Contemporary Conflict
These dynamics are not merely theoretical, but are being played out in real time within contemporary conflict. AI enabled capabilities are already deeply embedded in recent conflicts, and their role is only set to expand in scale, speed, and consequence. For example, in Ukraine and Gaza, AI tools developed with private sector support have been used to process intelligence, generate targets, and accelerate decision-making scale. More specifically, in Gaza, such systems have reportedly produced large volumes of targets by integrating surveillance data into strike planning, dramatically increasing operational tempo. At the same time, AI has been deployed in U.S. and Israeli operations against Iran to analyze intelligence and compress the “kill chain” from days to hours. Notably, Anthropic’s model Claude has reportedly been used in these contexts, including in support of operations linked to Iran and earlier efforts associated with the capture of Nicolás Maduro.
The implication is as much legal as it is technological. As AI structures targeting decisions, it destabilizes the lines of control and intent that underpin criminal responsibility. AI-enabled systems do not merely assist judgment, they reshape the conditions under which proportionality and distinction are assessed, displacing qualitative human evaluation and complicating attribution. Responsibility remains formally human, but is increasingly mediated by privately designed systems operating upstream of the final decision, contributing to what scholars have identified as emerging accountability gaps.
The International Criminal Law Accountability Gap
This evolving landscape exposes a deeper challenge for international criminal law. ICL remains structured around the attribution of individual criminal responsibility, typically to political leaders, military commanders, or direct perpetrators, but AI-mediated warfare disrupts that architecture by dispersing decision-making across a broader socio-technical chain. Where AI systems shape targeting, intelligence prioritization, or operational recommendations, they do more than assist human judgment; they structure the range of options within which that judgment is exercised. Harmful outcomes may therefore be traceable not only to battlefield intent, but to upstream design choices, training data, and embedded constraints. Existing doctrines such as aiding and abetting or command responsibility were not developed with such distributed systems in mind. While this does not necessarily mean that international law lacks the tools altogether, it does suggest that these tools must be applied differently, grounded in a more sophisticated understanding of how AI systems shape decision-making environments.
The Limits of “Safety by Design”
This challenge becomes particularly acute in light of the growing emphasis on “safety by design.” As technology companies increasingly position their systems as incorporating built-in safeguards, guardrails, and usage constraints, they present themselves as responsible actors capable of managing the risks of deployment. Yet from an accountability perspective, the existence of such mechanisms raises a critical problem of verifiability. Without transparency into how these systems are trained, calibrated, or potentially overridden in practice, it remains difficult to assess whether safety is operationally meaningful or largely declaratory. If international criminal law is to engage not only downstream harm but also upstream design, then claims of safety cannot remain opaque. Otherwise, there is a risk that “safe” AI becomes legible primarily on paper, functioning less as a constraint on conduct than as a legitimizing narrative, while the underlying accountability gap persists, merely shifting further out of view.
Recalibrating International Criminal Law
These developments do not necessarily require a wholesale reform of international criminal law. They do, however, demand a more precise application of its existing doctrines. As AI systems increasingly structure targeting, intelligence processing, and operational decision making, core ICL concepts such as control, knowledge, and foreseeability must be interpreted in light of these distributed, socio technical systems. Accountability cannot remain confined to the moment of execution. It must also account for upstream contributions that shape how decisions are made, including the design, constraints, and deployment of AI systems. Absent such recalibration, ICL risks capturing only the final act while overlooking the broader chain through which harm is produced. As operational authority is mediated through systems developed by private actors, the conditions under which crimes may occur are increasingly structured before the battlefield. The task for ICL is therefore not to expand its foundations, but to ensure that its existing modes of liability remain capable of addressing responsibility within this evolving architecture of decision making.
A Contrario ICL 