A federal directive ordering U.S. government agencies to stop using Anthropic technology has exposed a problem that extends well beyond Washington: most enterprises have never mapped where AI vendor dependencies actually live inside their operations.
The directive comes with a six-month phaseout window. That timeline assumes agencies already know where Anthropic‘s models sit inside their workflows. Most don’t. And if that sounds like a government problem, it isn’t.
The Visibility Gap Is Wider Than Most Realize
A January 2026 Panorays survey of 200 U.S. CISOs found that only 15% reported full visibility into their software supply chains, up from just 3% a year prior. Separately, a BlackFog survey of 2,000 workers at companies with more than 500 employees found that 49% had adopted AI tools without employer approval. Among C-suite members, 69% said they were comfortable with that.
That’s where undocumented AI dependencies accumulate. Invisible to the security team, they compound quietly until a forced migration makes them everyone’s problem at once.
“If you asked a typical enterprise to produce a dependency graph that includes second- and third-order AI calls, they’d be building it from scratch under pressure,” said Merritt Baer, CSO at Enkrypt AI and former Deputy CISO at AWS. “Most security programs were built for static assets. AI is dynamic, compositional, and increasingly indirect.”
The Contract You Didn’t Sign
An enterprise’s direct contract with Anthropic may not exist. Its vendors’ contracts might. A CRM platform could have Claude embedded in its analytics engine. A customer service tool might call it on every ticket processed. That exposure was inherited, not chosen, and when a vendor cutoff hits upstream, it cascades downstream fast.
Anthropic has stated that eight of the 10 largest U.S. companies use Claude. Any organization inside those companies’ supply chains carries indirect Anthropic exposure, contracted for or not.
AWS and Palantir, which hold billions in military contracts, may need to reassess their commercial relationships with Anthropic to retain Pentagon business. The supply chain risk designation now requires any company doing business with the Pentagon to demonstrate its workflows don’t touch Anthropic.
Shadow AI Carries a Real Price Tag
IBM‘s 2025 Cost of Data Breach Report found that shadow AI incidents now account for 20% of all breaches, adding as much as $670,000 to average breach costs. You cannot execute a transition plan for infrastructure you haven’t inventoried.
A senior defense official described disentangling from Claude as an “enormous pain in the ass,” according to reporting by Axios. If that’s the assessment inside the most well-resourced security apparatus in the world, the timeline for a typical enterprise could be considerably longer.
Why AI Dependencies Are Harder to Track Than SaaS
The SaaS shadow IT wave of the past decade taught security teams a version of this lesson. They responded with CASBs, tightened SSO, and spend analysis. Those tools worked because the threat was visible. A new application meant a new login, a new data store, a new log entry.
AI vendor dependencies don’t leave those traces. “Shadow IT with SaaS was visible at the edges,” Baer said. “AI dependencies are embedded inside other vendors’ features, invoked dynamically rather than persistently installed, non-deterministic in behavior, and opaque.”
Switching vendors doesn’t simplify the picture. “Models are not interchangeable,” Baer noted. “Switching vendors changes output formats, latency characteristics, safety filters, and hallucination profiles. That means revalidating controls, not just functionality.”
The migration sequence she outlined starts with triage and blast radius assessment, moves through behavioral drift analysis, and ends with credential and integration cleanup. “Rotating keys is the easy part,” she said. “Untangling hardcoded dependencies, vendor SDK assumptions, and agent workflows is where things break.”
Photo by Tiger Lily on Pexels
This article is a curated summary based on third-party sources. Source: Read the original article
