The U.S. Army’s next-generation battlefield communications system, developed by Anduril Industries and Palantir Technologies, has been labeled “very high risk” due to critical cybersecurity vulnerabilities, according to an internal Army memo reviewed by Reuters.
The September 5 memo—written by Gabriele Chiulli, the Army’s Chief Technology Officer and authorizing official for the NGC2 (Next Generation Command and Control) prototype—warned that the system’s “current security posture” could allow adversaries to gain “persistent undetectable access” to sensitive battlefield data.
“We cannot control who sees what, we cannot see what users are doing, and we cannot verify that the software itself is secure,” the memo stated, citing fundamental issues in user access controls and data monitoring.
The NGC2 platform, designed to connect soldiers, sensors, vehicles, and commanders through real-time data sharing, is central to the Army’s modernization drive. Developed in partnership with Microsoft and smaller defense contractors, the project aims to replace legacy communication systems with a unified, AI-enhanced digital backbone.
However, the internal review found that the platform allowed all users to access all applications and data, regardless of clearance level or mission relevance, and lacked logging tools to track user activity. One third-party application integrated into the system was found to contain 25 high-severity vulnerabilities, while three others each had more than 200 issues requiring review.
The memo’s findings—first reported by Breaking Defense—have amplified criticism that Silicon Valley’s “move fast and break things” ethos may be ill-suited for military-grade systems requiring airtight security.
Anduril, founded by Palmer Luckey, dismissed the concerns as outdated. “The report reflects an old snapshot, not the current state of the program,” the company said. Palantir responded that “no vulnerabilities were found in the Palantir platform.”
Army Chief Information Officer Leonel Garciga, Chiulli’s supervisor, acknowledged the seriousness of the findings but said most issues were fixed within “weeks or even days.” He added that only one remaining application still required security improvements and that Palantir’s Federal Cloud Service could soon receive “continuous authority to operate”, allowing faster updates.
The NGC2 system was awarded a $100 million prototype contract earlier this year, as part of a broader Pentagon effort to integrate AI, autonomous systems, and real-time battlefield intelligence into defense operations. Palantir also holds a $480 million contract for Project Maven, the Pentagon’s AI surveillance initiative, while Anduril recently secured $159 million to develop advanced mixed-reality and night vision systems.
Despite assurances from developers, the memo raises profound questions about data control, cybersecurity, and insider access—all crucial concerns as the U.S. military increasingly relies on software-driven decision-making in combat.
On Wall Street, the revelations hit Palantir’s stock, which fell 7.5% on Friday. Anduril, still privately held, has said it plans to go public.
The incident exposes the tension at the heart of the Pentagon’s modernization push: how to harness Silicon Valley’s speed and innovation without compromising the security of national defense networks.
