A handful of little-known infrastructure startups are solving the Pentagon's biggest AI problem: how to use powerful language models without leaking classified secrets to the wrong people.
When Anthropic clashed publicly with the Pentagon earlier this year over ethical red lines around domestic surveillance and autonomous weapons, the fallout was swift. Federal agencies and contractors were temporarily barred from working with the company, and the dispute landed in court. But while that standoff grabbed headlines, a quieter and arguably more consequential arms race has been unfolding behind locked doors. A small cadre of AI infrastructure companies is building the secure architecture that allows U.S. defense and intelligence agencies to actually use artificial intelligence on their most sensitive data.
The core challenge is one that any business leader managing proprietary information will recognize, just with lower stakes. Train a large language model on your law firm's case files, your biotech startup's trial data, or your investment bank's due diligence memos, and it becomes a remarkably powerful assistant. Let the wrong person query that model, and it becomes a catastrophic leak. As the Financial Times recently noted, this tension between utility and exposure is the central unresolved tension in enterprise AI adoption. For the CIA and the Department of Defense, the consequences of getting it wrong are measured in compromised operations and human lives, not just competitive disadvantage.
The pick-and-shovel companies stepping into this breach receive a fraction of the media attention directed at names like OpenAI, Google, or xAI. But their work is foundational. Nicolas Chaillan, who founded one such platform called Ask Sage, estimates the secure AI infrastructure market currently sits at roughly $2 billion and is expanding rapidly as defense teams demand tools that work inside existing security perimeters. What these firms provide is essentially the digital equivalent of hardened facilities. Consider the runway and communication systems that allow advanced military aircraft to operate safely. The large language model is the jet. The infrastructure is everything that makes it usable without crashing.
Until Anthropic's recent legal battle disrupted the arrangement, its Claude model was one of only a handful of LLMs approved for use on the Defense Department's classified networks. That access was made possible not by Anthropic alone, but through a 2024 partnership with Palantir and Amazon Web Services, which provided the secure cloud hosting and software platforms. The architecture ensured that model inference happened entirely inside government-controlled environments, with no data flowing back to the AI developer. This air-gapped or tightly controlled deployment approach is what the intelligence community requires before trusting any commercial model with classified material.
Emily Harding, a former CIA analyst now at the Center for Strategic and International Studies, frames the problem as a difficult balance. Feed a model enough data and it knows too much. Withhold enough data and it cannot do its job. This same dilemma is already confronting thousands of businesses worldwide. Any company sitting on a trove of confidential information must weigh the productivity gains of a custom-trained AI against the existential risk that the model itself becomes a single point of failure. Intelligence agencies simply face this calculus in its most extreme form, where compartmentalization of information is doctrine and breaches can cost lives.
The market opportunity here extends well beyond Washington. As large enterprises in healthcare, finance, and manufacturing accelerate their AI strategies, the demand for infrastructure that keeps proprietary data shielded from model training pipelines is surging. Companies like Chaillan's, alongside firms building private inference servers and encrypted model deployment tools, are positioning themselves as the essential middleware of the AI economy. Goldman Sachs estimates global AI infrastructure spending will exceed $150 billion annually within two years, and secure deployment layers will capture a meaningful share of that.
The Anthropic-Pentagon dispute also signals a broader tension the industry has barely begun to reckon with. AI companies built their commercial dominance serving consumer and enterprise markets where ethical boundaries are relatively flexible. Defense work demands far more rigid frameworks, and not every lab is willing to navigate that terrain. Those that refuse will leave money and influence on the table. Those that engage will face difficult questions about where their technology ends up and what it enables. Meanwhile, the infrastructure builders stay focused on a more practical mission: making sure the pipes are secure enough that the intelligence community can turn on the tap without flooding its own basement.
