Non-State Entities and National Security
In March, the Defense Department designated Anthropic a supply chain risk, sparking legal controversy. The designation came after Anthropic prohibited the use of its artificial intelligence (AI) model, Claude, for “mass domestic surveillance” and for “fully autonomous weapons.”
Apart from its fascinating particulars, this ongoing dispute reveals a fundamental shift: Non-state entities (NSEs) of various kinds—corporations, universities, and individuals—are becoming much more important for national security. These entities are increasingly enabling, and sometimes limiting, defense and intelligence activity. Unsurprisingly, states are pushing back, treating NSEs as rival geopolitical actors, and using a wide array of carrots and sticks to dominate them. Both trends—NSEs limiting states, and states dominating NSEs—stress existing frameworks for national security governance. Those frameworks were not designed for the current geopolitical reality and would benefit from a systematic review.
The Growing Role of NSEs
In the oscillating balance of national security power between states and NSEs, the 21st century has witnessed a decisive shift in favor of NSEs. Historical examples of powerful NSEs include the British East India Company and privateers wielding letters of marque in the American Revolution. As compared to the late 20th century, however, NSEs now possess superior access to the technology, data, and talent on which defense and intelligence increasingly depend.
Defense and intelligence elements are increasingly using commercial off-the-shelf technologies rather than developing in-house capabilities. In the 20th century, government played a key role in developing security-relevant technologies, including microelectronics, radar, satellite navigation/GPS, and the internet. Today, by contrast, NSEs often lead in such technologies, including cloud data storage and processing, advanced semiconductors, biometrics, autonomous systems, and probably quantum computing. Admittedly, this can be overstated—DuPont invented Teflon (used in the Apollo program), states are probably still preeminent in cryptography, and relative roles in vaccine development varied from World War II, to the early Cold War, to Operation Warp Speed and beyond. But the overall trend is clear: Much of today’s most important security technology is developed first by and for NSEs.
The U.S. government has acknowledged this technological shift, as demonstrated by testimony from the National Security Agency (NSA) director, the Defense Department’s Science and Technology Strategy, the FBI’s private-sector summit meetings, the expansion of NSA’s Business Programs and Commercial Engagement Center, and the current U.S. National Security Strategy.
NSEs also generate and access growing amounts of security-relevant data. Monetization models for “free” digital offerings depend on harvesting enormous amounts of personally identifiable information from end users. Routine activities generate digital records that data brokers systematically collect, combine, analyze, and sell. Commercial markets for data dwarf what the U.S. intelligence community (IC) could lawfully collect with other sources and methods. Commercially available information and open-source intelligence (OSINT) now play a far more important role in national security than they did at the turn of the century.
In the 20th century, major NSEs were relatively indifferent to cybersecurity, with capacity concentrated in state elements such as NSA. But Bill Gates’s famous 2002 email triggered a hard pivot, such that Microsoft, Google, Amazon, and others now enjoy better online visibility than some government agencies, and NSEs are routinely the first to find, mitigate, and attribute cyberthreats.
The IC’s 2023 Data Strategy recognizes these developments: “Based on the speed of data and digital innovation and the changing and increasing national security attack surface, direct partnerships with the private sector and academia are more critical for the IC now than ever before.”
Finally, national security talent has also migrated, in part due to more favorable working conditions in the private sector. NSEs now employ leading experts not only in cyber, but in nearly all the major INT disciplines—including signals intelligence (SIGINT) and geospatial intelligence (GEOINT)—and in related fields such as language translation, analysis, and space services. State defense and intelligence elements use large numbers of contractors, even for core intelligence work. As the director of national intelligence explained in 2024, “[W]e know that the private sector increasingly possesses certain unique and specialized talent, knowledge, and capabilities, in key fields of critical importance to national security, that we don’t have access to in the government.”
These shifts—in technology, data, and talent—represent a major reallocation of national security capabilities from states to NSEs.
The effects of the shift are highly visible. The most dramatic cases come from the battlefield, where Starlink and SpaceX are essential for Ukrainian military command and control. As the U.S. deputy secretary of defense said in 2023, “We’ve all seen in Ukraine how emerging tech developed by commercial and non-traditional companies … can be decisive in defending against modern military aggression.” Warfighting innovation in Ukraine has generated new strategies for interacting with both other states and NSEs, some of which are now being used in Iran.
Closer to home, cybersecurity incidents like SolarWinds, Salt Typhoon, and Storm 0558 illustrate what the British aptly call “private ownership of public risk.” The U.S. Cybersecurity Strategy “calls for unprecedented coordination across government and the private sector” and promises to “unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities.” Recently, Google launched a new cyber disruption unit to “actively shape the outcome of adversary behaviors” based on its “unique vantage point … that government agencies sometimes don’t have,” although the company also said the new unit would be defensive in nature, in keeping with contemporaneous statements from the national cyber director.
More generally, fundamental defense and intelligence infrastructure now depends on NSEs, with the Pentagon’s Joint All-Domain Command and Control (JADC2) program and the IC’s Commercial Cloud Enterprise (C2E) program relying on Amazon, Microsoft, IBM, Google, and Oracle. Palantir and Anduril are working to deliver a full national-security capability stack, with nearly everything short of boots on the ground—as offered by the company formerly known as Blackwater.
NSEs and National Security Governance
As NSEs provide more national security capabilities, they also exercise more national security governance—sometimes in ways that conflict with state preferences.
One example is electronic surveillance, where enhanced cooperation triggered by Sept. 11 declined after the Snowden disclosures in 2013. Since then, NSE providers have resisted U.S. government data demands, adopted end-to-end encryption to make data unreadable, and sometimes refused to sell facial recognition and other technology to security and law enforcement elements.
Increasing NSE governance is also apparent in the positions of key NSEs on defense and intelligence uses of their products and services. Examples include Google’s 2018 decision not to assist the Pentagon with AI in Project Maven (a decision later reversed), Microsoft’s recent blocking of Israeli surveillance in Gaza (which provoked criticism from President Trump), Elon Musk’s limits on state access to Starlink technology in the Ukraine war, and the disagreement between the Pentagon and Anthropic.
There are three main reasons for modern NSE governance of national security: the nature of the relevant NSEs and their incentives, the nature of the support they provide to states, and the changing political and regulatory environment.
Today’s security-relevant NSEs are very different from traditional defense primes, especially after the consolidation of the U.S. defense industrial base in the 1990s. Defense contractors generally made (and make) their money from sales to the U.S. government and approved foreign militaries, creating strong incentives to align with state preferences (Boeing and certain other companies also sell civilian aviation, but the overall alignment is clear).
By contrast, many of today’s technology companies (e.g., Microsoft, Amazon, Alphabet, Oracle, and IBM), social media companies (e.g., Meta), and Elon Musk’s companies face very different incentives: they earn revenue, expect growth, and otherwise depend on civilian and foreign customers, suppliers, and others. As such, they can afford to buck the preferences of states, including the U.S.
A second factor is the changing nature of NSE support for national security. The basic shift is from products to services, from selling to leasing, from materiel to subscriptions. NSEs today do not merely equip the state’s security apparatus; they increasingly define its architecture, provide its infrastructure, and enable its operations. That is, NSEs do not just sell tanks, airplanes, or even bare metal servers; instead, they provide integrated, ongoing, end-to-end solutions, including the JADC2, C2E, and Anduril-Palantir projects mentioned above.
This reduces the practical and moral distance between them and their customers, making it harder for NSEs to disclaim responsibility for downstream state action and increasing the pressure to exercise governance (although attempts to deny responsibility exist).
Finally, the regulatory and political environment has changed. In the 20th century, especially during times of war or crisis, security-relevant NSEs were broadly and heavily regulated (e.g., AT&T was a regulated monopoly) and often had little choice but to comply with state preferences. Today’s security market is more decentralized; regulatory requirements are more discrete, even during armed conflicts; and public support for security activity is much less reliable.
These three reasons explain why NSEs today are limiting, and sometimes vetoing, state defense and intelligence activity.
How States Are Responding
States recognize and often resent their dependence on NSEs. Sen. Jack Reed (D-R.I.) has objected to Elon Musk exercising control over Ukraine, President Trump has complained about Microsoft limiting Israeli surveillance in Gaza, and both Trump and Defense Secretary Pete Hegseth have railed against Anthropic, designating it a supply chain risk on the theory that it might commit sabotage (the courts have divided on the legitimacy of this designation).
Other countries see a similar trend. Europe increasingly refers to NSEs as independent geopolitical actors, whose interests may conflict with those of states. The United Kingdom has been the most explicit, but many states now broadly understand that major NSEs are no longer entirely reliable. In December 2025, the head of MI6 warned that the “world is being actively remade” due to “the impact of advanced technologies,” with “[p]ower itself … becoming more diffuse, more unpredictable as control over these technologies is shifting from states to corporations, and sometimes to individuals.” In today’s world, commercial off-the-shelf products and services and other relevant supply chains are often global in terms of their components, development processes, and users.
Beyond merely expressing such concerns, states are also acting to curb NSE power. Both the U.S. and the U.K. have changed their procurement rules, with the U.K. focusing on requirements for “through-life support” for NSE-provided capabilities, and the U.S. imposing requirements for “any lawful use” of such capabilities in policies adopted by the Defense Department and the General Services Administration.
More generally, states are approaching NSEs more transactionally, deploying carrots and sticks as they do with other states to achieve desirable outcomes.
The U.S. appears to be leading this charge among Western democracies: It has reportedly taken revenue shares, transaction fees, and equity stakes (sometimes with enhanced governance rights) in key firms; used research funding to influence other reforms at academic and scientific institutions; undertaken an effort to “wag[e] war against” and “reshap[e] the media” through threatened loss of broadcast licenses or access to information in response to disfavored use of vocabulary, war reporting, and other content (including late-night comedy routines); tried to influence the availability of and nature of pro bono work done by law firms; and exercised regulatory, investigative, and enforcement authority for NSE allies and against opponents. (Kate Klonick has written recently in Lawfare on a related set of developments.)
Indeed, these transactional approaches to NSEs have in some cases replaced more traditional ones—such as legislation—leading critics to decry the “mirage” of deregulation. Whether or not it amounts to kleptocracy or crony capitalism, as some critics contend, or is historically unprecedented, the current U.S. approach is certainly much closer to state capitalism than most observers would have predicted as little as 10 years ago.
The Limits of Existing Frameworks
The two trends described here—NSEs limiting states, and states dominating NSEs—each stress existing frameworks for political and legal governance of national security.
The main problem presented by the first trend—in which NSEs limit national security activity—is that NSEs don’t answer to the voters. This is a nonpartisan concern, equally true of Elon Musk and of Anthropic’s officers and directors. When national security capacity and governance have migrated to NSEs, but political accountability remains anchored in the state, it creates a governance gap. NSEs have always had some power over states, but recent developments have increased NSE power in a core area of sovereignty.
The second trend, in which states use their power to co-opt or coerce NSEs, also raises concerns. By dominating NSEs, the state not only regains control over traditional security functions but also expands its reach into traditionally more private spheres, including news, entertainment, science, and markets. The same tactics suffice, and the same NSEs sometimes operate, in both realms. States have always had some power over NSEs, but the recent shift enables and reflects ambitions for broader control.
In other words, today’s security-relevant NSEs are not part of what President Eisenhower called the military-industrial complex. Their vast reach, enabling both national security and many areas of private life across the globe, means that they are not always aligned with the state; but it also means that, if brought into alignment, they are more powerful force multipliers for the state.
Considered alone or together, the trends are problematic. They appear to be in a complex, dialectical relationship, with no reason to expect offsetting effects that will return us to a more balanced status quo. As such, we should consider systematic approaches to mitigation.
Existing scholarship illuminates but does not fully capture the two trends discussed here. Foundational political science on state-NSE relations focuses on NSEs engaging in regulatory capture or other manipulation of states for commercial gain. This article describes the inverse: In the first trend, NSEs effectively regulate states by enabling, conditioning, or withholding core national security capabilities; and in the second trend, states capture NSEs. Both trends are therefore distinct from the 20th-century experience in which U.S. foreign policy aided NSEs such as United Fruit Co. and various oil interests.
More recent scholarship worries that states may evade accountability by directing NSEs to perform traditional state security functions. By contrast, the first trend discussed here involves states insourcing capacities from NSEs rather than outsourcing functions to them: Uniformed personnel may fire the missile, but the targeting depends on a private algorithm running on a commercial cloud. The second trend is also distinct from this literature: It sometimes involves government contracts, but they are contracts that allow states to influence traditionally private activity by NSEs, not contracts for NSEs to carry out traditionally governmental activity.
Finally, recent studies on digital network architecture, surveillance intermediaries, digital Switzerlands, and cyber checks and balances generally (not always) view NSEs as potentially benign counterweights to state surveillance. They come closest to this article’s focus in the first trend, albeit with a narrower focus on the digital realm and less skepticism as to the role of NSEs in limiting state activity. And these studies are less focused on the second trend, in which states dominate NSEs and thereby expand their power over private life.
A Path Forward
New guardrails for state-NSE interactions would vary by sector but would likely prioritize transparency, contestability, and integrity, making legislative or sub-legislative improvements as necessary. Several examples illustrate the wider range of possibilities.
To curb NSE power, an obvious first step, already underway, is procurement reform. For example, acquisition regulations could encourage or compel intelligence and defense elements to prioritize multivendor architectures in major programs—e.g., more like the Joint Warfighting Cloud Capability than the Joint Enterprise Defense Infrastructure. This might reduce efficiency (by requiring coordination between and among vendors) but likely would increase resiliency and reduce the leverage of any single NSE (NSE risk could be elevated as a factor in resiliency calculus).
Regulations could also follow U.S. and U.K. practices described above, and forbid or limit imposition of private-law limits on state action with NSE goods or services, require terms for “through-life” support from NSEs, and provide enhanced cancellation authority on national security grounds. This is the Defense Department’s basic position in the dispute with Anthropic. A rejection of private-law limits on state national security activity may require more robust public-law limits.
Market regulation could also reduce NSE power. One possibility would be to amend the Defense Production Act to authorize funding of alternative providers when critical capabilities become concentrated in a single NSE. To prevent concentration in the first place, antitrust enforcement and merger review could more extensively consider national security risks. The U.S. Committee on Foreign Investment and Team Telecom could be granted broader authority to review domestic as well as foreign acquisitions in certain critical areas.
Finally, in extreme cases, essential NSEs could be regulated more directly. A new category of public benefit corporation—under state or perhaps federal law—could be created for national security companies, with specified obligations and benefits. At the extreme, regulation as a national security public utility would be possible, approaching the level of the U.S. government’s historical relationship with AT&T and Bell Labs.
On the opposite end of the spectrum, to curb state excesses, at least three sets of reforms could be helpful.
First, enhanced transparency in foreign affairs. Recently expanded reporting requirements for “side deals” and “qualifying, non-binding instruments,” including with “non-state actors,” could be further expanded to reduce exceptions and include an explicit anti-corruption focus, perhaps using definitions and approaches in extant conflict-of-interest statutes. Transparency is not a panacea when overt corruption goes unchecked, but it could mitigate abuse.
Second, enhanced domestic transparency—although more complex—could help curb state overreach. One approach would be to require public reporting for a “qualifying government action,” defined to include both positive and negative measures, above a certain dollar or other threshold, that involve one of several specified factors related to side deals with, or domination of, NSEs. The foreign-policy reporting regime discussed above could be used as a foundation for such a transparency requirement.
Transparency in domestic affairs, at least, could also be required from the other direction: Acquisition regulations could build on current law and require clauses in certain contracts to ensure strong audit access, records retention, enhanced whistleblower protections for contractor personnel, and expanded legislative or Freedom of Information Act access to NSE records involving side arrangements with government officials and/or their family members, affiliates, and other close associates. Public-company reporting requirements could require similar transparency directly. Such increased transparency might be disagreeable to NSEs, but it could also protect them from coercion by making clear to all that relevant arrangements will quickly become publicly known.
Finally, it would be possible to codify and enhance substantive protections against state coercion. This might involve an expanded statutory version of “unconstitutional conditions” doctrine, a revival of Bivens to align with 42 U.S.C. § 1983 (which applies to deprivations of civil rights by state-level officials), and/or a new, explicit federal cause of action for victims of coercion or retaliation.
Again, these possibilities—three to protect against excessive NSE power, and three to protect against state abuse—are illustrative only. There are many potential challenges to implementing the six listed here, and many other possibilities for achieving these aims.
* * *
In the first quarter of the 21st century, the balance of national security capability between states and non-state entities has shifted to favor NSEs. Compared with the late-20th-century baseline, NSEs now enjoy advantages in technology, data, and talent that are essential for defense and intelligence activity. The same NSEs are now vital both for national security and for private life. The governance problem created by this shift runs in both directions, threatening sovereignty and enabling authoritarianism. Without romanticizing government or the private sector, we should consider legal, political, and institutional safeguards that preserve the benefits of state-NSE cooperation while reducing the risks of private overreach, state coercion, and corruption.
The shifting national security minuet between states and NSEs is part of a larger, ongoing, geopolitical re-choreography. The changes described here implicate deeper upheavals in the nature and availability of information, deference to scientific and other expertise, trust in public and private institutions, commitment to the rule of law, satisfaction with globalization, and approaches to international relations. Together, these forces are profoundly affecting, and even redefining, “national security.” To encourage better outcomes during this transition, states and NSEs in free societies must adapt together—not only in governance, but in culture, doctrine, and practice.
Author’s note: I am grateful for extraordinarily helpful comments on a prior draft of this paper from Richard Danzig and Jack Goldsmith, including to Danzig for the reference to a “minuet” between states and NSEs.
