The federal government banned Anthropic's Claude from all agencies in March 2026. Here's what AI vendor lock-in risk means for your business.
Article text
The Pentagon just found out what happens when your AI vendor disappears overnight.
In March 2026, the White House drafted an executive order to remove Anthropic's Claude from every federal agency. Defense Secretary Pete Hegseth designated Anthropic a "supply-chain risk" after a dispute over how the military could use Claude's AI models. Not a sunset. Not a transition period measured in years. A 180-day mandate to rip it out.
The problem? Claude was the first AI model deployed on Pentagon classified systems. Military personnel had built it into workflows, security-accredited environments, and mission-specific processes. Staff described Claude as superior to alternatives and didn't want to switch. Now they have no choice.
If you're thinking "that's a government problem, not my problem," consider this: according to Ramp's business spending data, nearly 1 in 4 businesses now pay for Claude. A year ago, it was 1 in 25.
This Isn't About Anthropic. It's About Any Single Vendor.
I want to be clear: this post isn't about whether the government's decision was right or wrong. That's a policy debate for other people. What matters for your business is the principle underneath it.
The Pentagon built critical systems on one AI vendor. When that vendor became unavailable, they had to scramble. Under Secretary for Research and Engineering Emil Michael says they can transition within six months, but industry experts warn that each replacement model requires separate validation and re-authorization across classification levels.
If you're building on AI right now, or you're already using AI-powered tools, the question you need to answer is: what happens if your AI vendor changes its pricing, has an outage, gets acquired, pivots its product, or simply shuts down?
This isn't theoretical. In the past 18 months, we've seen AI companies double their prices, remove features, change their API terms, and get acquired by competitors. The AI vendor landscape is moving fast, and lock-in risk is real.
If your business uses AI tools and you're not sure how exposed you are, we'll walk through your vendor risk in a free 30-minute call . No pitch. Just an honest assessment.
Three Levels of AI Vendor Risk
Not all AI dependency is the same. Here's how to think about where your business falls.
Level 1: Tool-level dependency (Low risk)
You use an AI-powered feature inside a product you already use. Your CRM has an AI email drafting tool. Your accounting software suggests categorizations. Google Workspace has Gemini built in.
Risk level:
Low. If the AI feature breaks or changes, you lose a convenience. The core tool still works. You go back to writing emails yourself for a week.
What to check:
Nothing urgent. Just know which features you've come to rely on so you're not blindsided.
Level 2: Workflow dependency (Medium risk)
You've built a workflow around a specific AI tool. Your customer service team uses Claude or ChatGPT to draft responses. Your marketing person uses an AI writing tool for all content. Your ops team uses an AI transcription service for meeting notes.
Risk level:
Medium. If the tool disappears, a process slows down or stops. Your team has to revert to the old way of doing things until you find a replacement.
What to check:
Can a different tool do the same job? Have you tested it? If your team uses ChatGPT and ChatGPT doubles its price tomorrow, could you switch to Claude or Gemini in a week?
Level 3: System dependency (High risk)
You've built custom automation, integrations, or agents on a specific AI platform's API. Your intake forms feed into a GPT-powered classification system. Your internal tool uses Claude's API to analyze documents. Your dispatch system calls an AI model to optimize routes.
Risk level:
High. This is where the Pentagon was. The AI model is wired into the system. Switching means rebuilding integrations, retesting, and retraining. It's not a one-week fix.
What to check:
This is where you need a real plan. Keep reading.
The Vendor Backup Checklist
If you're at Level 2 or Level 3, here's what to do. This isn't a massive project. It's a list of questions to answer and document once, then review quarterly.
1. Know what you're running on.
This sounds obvious, but most businesses don't actually know which AI model powers their tools . Your CRM's "AI assistant" might run on GPT-4 today and switch to a cheaper model next month. Your AI writing tool might be built on Claude. Ask your vendors. Get it in writing. If they won't tell you, that's a red flag.
2. Test a second option before you need it.
The Pentagon is now deploying OpenAI, Google Gemini, and xAI as alternatives. They're doing it under pressure, on a deadline. You don't have to.
Pick your most AI-dependent workflow and spend an afternoon testing it with a different tool. If your team uses ChatGPT for customer response drafting, try the same workflow with Claude. If you use Claude's API for document analysis, test the same prompts with GPT-4o or Gemini. You're not switching. You're just proving that you
could
switch.
3. Keep your prompts and templates in your own system.
If your team has spent months fine-tuning prompts, those prompts shouldn't only exist inside the AI vendor's platform. Export them. Store them in a shared doc, a wiki, or your project management tool. Prompts are portable across models. They might need tweaking, but the thinking is transferable.
4. Build with abstraction layers when possible.
This is more technical, but if you're building custom integrations, ask your developer to put an abstraction layer between your system and the AI model. Instead of calling OpenAI's API directly from 40 places in your code, call it from one place. If you need to switch models, you change one file instead of forty.
This is exactly how we build AI integrations for our clients. We assume the model will change. The system should survive it.
5. Document your AI dependencies.
Create a simple spreadsheet:
Tool/Service
AI Model It Uses
How Critical (1-5)
Backup Option
Last Tested
Customer email drafting
ChatGPT Team
3
Claude Pro
Never
Document classifier (custom)
Claude 3.5 API
5
GPT-4o API
Never
Meeting transcription
Otter.ai (unknown model)
2
Fireflies.ai
Never
If your "Last Tested" column is all "Never," that's where your risk lives.
What the Pentagon Got Wrong (and What You Can Get Right)
The Pentagon's mistake wasn't using Claude. Claude is, by most accounts, a strong model for the work they were doing. The mistake was embedding it so deeply, without tested alternatives, that removal became a six-month project affecting classified operations.
The under secretary says "the workflows are very similar" across models and "the disruption is minimal." Maybe. But RunSafe Security CEO Joe Saunders pointed out that each replacement model needs separate validation and re-authorization, and that "full transition across classification levels requires careful coordination."
Your business probably doesn't have classification levels. But you do have a version of the same problem: untested transitions, undocumented dependencies, and a team that's gotten comfortable with one tool.
The good news is that fixing this is straightforward. It's a weekend project, not a six-month one. Know what you're running on, test an alternative, and document the plan. Then go back to using whatever tool works best for you, with the confidence that you're not locked in.
Multi-Model Is the Right Default
We've written before about why smart businesses use multiple AI models . The Claude ban makes that case more clearly than any argument we could construct.
The AI market is young. Vendors are still figuring out pricing, capabilities, and partnerships. Governments are still figuring out policy. Companies are still being acquired, merging products, and shutting down features. Betting everything on one vendor in this environment is the same as betting everything on one vendor in any rapidly changing market. It's not a question of if something changes, but when.
The businesses that will handle AI disruption best are the ones that treat their AI vendors like any critical supplier: valued, relied upon, but never irreplaceable.
What to Do This Week
If this post made you uncomfortable, good. That means you have AI dependencies worth protecting. Here's where to start:
Fill out the vendor dependency table above. It takes 20 minutes.
Pick your highest-risk dependency and test one alternative.
Store your prompts and templates somewhere you own.
If you want someone to walk through your AI setup and identify where the risk is, book a workflow call with us . We do this assessment for every client before we build anything. We'll tell you where you're exposed and what to do about it, whether that involves working with us or not.
Your AI tools should make your business stronger, not more fragile.