The federal directive ordering all US government agencies to stop using anthropic technology comes with a six-month phaseout window. That timeline assumes agencies already know where Anthropic’s models sit inside their workflow. Most don’t today.
Most enterprises won’t even do this. The gap between what enterprises think they have approved and what is actually running in production is wider than most security leaders realize.
AI vendor dependency doesn’t stop at the contract you sign; They move through your vendors, your vendors’ vendors, and the SaaS platforms adopted by your teams without any purchasing review. Most enterprises have never mapped that chain.
No one has moved inventory
A January 2026 Panorase survey of 200 U.S. CISOs put a number on the problem: Only 15% said they had full visibility into their software supply chains, up from just 3% a year earlier. And according to a BlackFog survey of 2,000 employees at companies with more than 500 employees, 49% had adopted AI tools without employer approval; 69% of C-suite members said they have no problem with this.
This is where undocumented AI vendor dependencies accumulate, remaining invisible to the security team until forced migration makes them everyone’s problem.
“If you asked a typical enterprise to build a dependency graph that includes second- and third-order AI calls, they would be building it from scratch under pressure,” Merritt Baer, CSO at Encrypt AI and former deputy CISO at AWS, said in an exclusive interview with VentureBeat. “Most security programs were built for static assets. AI is dynamic, compositional, and increasingly indirect.”
When a salesperson’s relationship ends overnight
This directive creates a forced migration unlike any effort the federal government has made with an AI provider. Any enterprise running critical workflows on a single AI vendor faces the same math if that vendor disappears.
SIBM’s Cost of 2025 Data Breach Report found that Hadou AI incidents now account for 20% of all breaches, adding up to $670,000 in average breach costs. You can’t execute a transition plan for infrastructure you didn’t invent.
Your contract with Anthropic may not exist, but your vendors’ contracts may exist. A CRM platform can have the cloud embedded in its analytics engine. A customer service tool can call this on every ticket you process. You didn’t sign up for that exposure, but you inherited it, and when a seller’s cutoff moves upward, it moves downward rapidly. The enterprise at the end of that chain doesn’t know the dependency exists until something breaks or a compliance letter is exposed.
Anthropic said eight of the 10 largest US companies use the cloud. Any organization in those companies’ supply chains has indirect anthropogenic exposure, whether they have contracted for it or not. AWS and Palantir, which have billions in military contracts, may need to reevaluate their commercial relationships with Anthropic to retain Pentagon business.
The supply chain risk designation means any company doing business with the Pentagon must now prove that its workflows do not touch Anthropic.
“The models are not interchangeable,” Baer told VentureBeat. “Switching vendors changes output formats, latency characteristics, security filters, and hallucination profiles. This means revalidating the controls, not just the functionality.”
They outlined a sequence that begins with triage and blast radius assessment, moves to behavioral drift analysis, and ends with credentialing and integration brainstorming. “Turning the keys is the easy part,” Baer said. “Dissolving hardcoded dependencies, vendor SDK assumptions, and agent workflows is where things break.”
Your logs don’t show dependencies
According to Axios, a senior defense official described entangling with the cloud as “a serious pain.” If this is an inside assessment of the most well-resourced security apparatus on the planet, the question for the enterprise CISO is straightforward. How much of your time will it take?
The shadow IT wave that followed SaaS adoption taught security teams about unapproved technology risks. Most were captured. They deployed CASB, tightened SSO and conducted expenditure analysis. The equipment was working because the danger was obvious. A new application means a new login, a new data store, a new entry in the log.
AI vendor dependencies don’t miss those marks.
“The shadow with SaaS was visible at the IT edges,” Baer said. “AI dependencies are embedded inside other vendors’ features, applied dynamically rather than constantly installed, in practice non-deterministic and opaque. You often don’t know exactly which model or provider is being used.”
Four tricks for Monday morning
The federal directive did not create an AI supply chain visibility problem. This exposed it.
“Don’t list your AI, because it’s too abstract and too slow,” Baer told VentureBeat. He recommended four concrete steps a security leader can execute in 30 days.
- Map execution path, not vendor. Tools at the gateway, proxy, or application layer to log which services are calling models, on which endpoints, with which data classifications. You’re creating a live map of usage, not a static vendor list.
-
Identify the control points that you actually have. If your only control is at the seller limit, you have already lost. You want enforcement on ingress (what data goes into the model), egress (what outputs are allowed downstream), and orchestration layers where agents and pipelines operate.
-
Run a kill test on your top AI dependencies. Select your most important AI vendor and simulate its removal in the staging environment. Kill the API key, monitor for 48 hours, and document what breaks, what silently breaks, and what errors occur that aren’t covered in your incident response playbook. This exercise will reveal dependencies you didn’t know existed.
-
Force vendor disclosure on sub-processors and models. Your AI vendors should be able to answer which models they rely on, where those models are hosted, and what fallback paths exist. If they can’t, that’s your fourth party. Ask questions now, while the relationship is stable. Once the cutoff is reached, the leverage changes, and answers come too late.
control illusion
“Enterprises believe they have ‘approved’ AI vendors, but what they have actually approved is an interface, not the underlying system,” Baer told VentureBeat. “The real dependencies are one or two layers deeper, and they are the ones that fail under stress.”
The federal directive against anthropic is an organization’s meteorological phenomenon. Every enterprise will eventually face its own version, whether the trigger is regulatory, contractual, operational, or geopolitical. Organizations that mapped their AI supply chains before the storm will recover. Those who did not will fight.
Map your AI vendor dependencies down to the sub-service level. Run a kill test. Compel disclosure. Give yourself 30 days. The next forced migration will not come with six months’ warning.
<a href