OpenAI and Department of War Fortify AI Safety with Explicit Guardrails

San Francisco, CA – March 3, 2026 – OpenAI has announced a significant update to its agreement with the Department of War (DoW), reinforcing stringent safety guardrails around the deployment of advanced AI systems in classified environments. This landmark collaboration underscores a shared commitment to responsible AI use, particularly regarding sensitive national security applications. The updated agreement, finalized on March 2, 2026, explicitly prohibits domestic surveillance of U.S. persons and restricts the use of AI in autonomous weapons systems, setting a new benchmark for ethical integration of artificial intelligence in defense.

The core of this enhanced agreement lies in making explicit what was previously understood, ensuring no ambiguity regarding the ethical limitations of AI technology. OpenAI emphasizes that this framework is designed to provide the U.S. military with state-of-the-art tools while rigorously upholding privacy and safety principles.

Redefining Safeguards for Classified AI Deployments

In a proactive move to address potential concerns, OpenAI and the Department of War have incorporated additional language into their agreement, specifically clarifying the boundaries of AI deployment. This new clause unequivocally states that OpenAI’s tools will not be used for domestic surveillance of U.S. persons, including through the acquisition or use of commercially obtained personal information. Furthermore, the DoW has confirmed that its intelligence agencies, such as the NSA, are excluded from this agreement and would require entirely new terms for any service provision.

The updated language in the agreement details:

"Consistent with applicable laws, including the Fourth Amendment to the United States Constitution, National Security Act of 1947, FISA Act of 1978, the AI system shall not be intentionally used for domestic surveillance of U.S. persons and nationals."
"For the avoidance of doubt, the Department understands this limitation to prohibit deliberate tracking, surveillance, or monitoring of U.S. persons or nationals, including through the procurement or use of commercially acquired personal or identifiable information."

This forward-thinking approach aims to establish a clear pathway for other frontier AI labs to engage with the Department of War, fostering collaboration while maintaining unwavering ethical standards.

OpenAI’s Core Ethical Pillars: The Three Red Lines

OpenAI operates under three fundamental "red lines" that govern its collaborations in sensitive domains like national security. These principles, largely shared by other leading AI research institutions, are central to the agreement with the Department of War:

No mass domestic surveillance: OpenAI technology will not be used for widespread monitoring of U.S. citizens.
No autonomous weapons systems: The technology is prohibited from directing autonomous weapons without human control.
No high-stakes automated decisions: OpenAI tools will not be employed for critical automated decisions (e.g., "social credit" systems) that demand human oversight.

OpenAI asserts that its multi-layered strategy provides more robust protection against unacceptable uses compared to approaches that primarily rely on usage policies alone. This emphasis on stringent technical and contractual safeguards distinguishes its agreement in the evolving landscape of defense AI.

Multi-Layered Protection: Architecture, Contract, and Human Expertise

The strength of OpenAI’s agreement with the Department of War lies in its comprehensive, multi-layered approach to protection. This includes:

Deployment Architecture: The agreement mandates a cloud-only deployment, ensuring that OpenAI maintains full discretion over its safety stack and preventing the deployment of "guardrails off" models. This architecture inherently restricts use cases like autonomous lethal weapons, which typically require edge deployment. Independent verification mechanisms, including classifiers, are in place to ensure these red lines are not crossed.
Robust Contractual Language: The contract explicitly details permissible uses, requiring adherence to "all lawful purposes, consistent with applicable law, operational requirements, and well-established safety and oversight protocols." It specifically references U.S. laws like the Fourth Amendment, National Security Act of 1947, FISA Act of 1978, and DoD Directive 3000.09. Crucially, it prohibits the independent direction of autonomous weapons and unconstrained monitoring of U.S. persons' private information.
AI Expert Involvement: Cleared OpenAI engineers and safety and alignment researchers will be forward-deployed and "in the loop." This direct human oversight provides an additional layer of assurance, helping to improve systems over time and actively verifying compliance with the agreement’s strict terms.

This integrated approach ensures that technological, legal, and human safeguards are all working in concert to prevent misuse.

Red Line Category	OpenAI's Protective Measures
Mass Domestic Surveillance	Explicit contractual prohibition, alignment with Fourth Amendment, FISA, National Security Act; exclusion of NSA/intelligence agencies from scope; cloud-only deployment limits on data access; OpenAI personnel in-the-loop verification.
Autonomous Weapons Systems	Cloud-only deployment (no edge deployment for lethal autonomy); explicit contractual prohibition against independent direction of autonomous weapons; adherence to DoD Directive 3000.09 for verification/validation; OpenAI personnel in-the-loop for oversight.
High-Stakes Automated Decisions	Explicit contractual language requiring human approval for high-stakes decisions; OpenAI retains full control over its safety stack, preventing "guardrails off" models; OpenAI personnel in-the-loop to ensure human oversight is maintained where critical decisions are involved.

Addressing Concerns and Forging Future AI Collaboration

OpenAI acknowledges the inherent risks of advanced AI and views deep collaboration between the government and AI labs as essential for navigating the future. Engaging with the Department of War allows the U.S. military to access cutting-edge tools while ensuring that these technologies are deployed responsibly.

"We think the US military absolutely needs strong AI models to support their mission especially in the face of growing threats from potential adversaries who are increasingly integrating AI technologies into their systems," stated OpenAI. This commitment is balanced with an unwavering refusal to compromise technical safeguards for performance, emphasizing that a responsible approach is paramount.

The agreement also aims to de-escalate tensions and foster broader collaboration within the AI community. OpenAI has requested that the same protective terms be made available to all AI companies, hoping to facilitate similar responsible partnerships across the industry. This is part of OpenAI's broader strategy, as demonstrated by its continuing Microsoft partnership and efforts towards scaling AI for everyone.

Setting a New Standard for Defense AI Engagement

OpenAI believes its agreement sets a higher standard for classified AI deployments compared to previous arrangements, including those discussed by other labs like Anthropic. The confidence stems from the foundational protections embedded: the cloud-only deployment that maintains the integrity of OpenAI’s safety stack, the explicit contractual guarantees, and the active involvement of cleared OpenAI personnel.

This comprehensive framework assures that the specified red lines — preventing mass domestic surveillance and autonomous weapons control — are robustly enforced. The contractual language explicitly referencing existing laws ensures that even if policies change in the future, the use of OpenAI's systems must still conform to the original, stricter standards. This proactive stance underlines OpenAI's commitment to developing and deploying powerful AI technologies in a manner that prioritizes safety, ethics, and democratic values, even in the most demanding national security contexts.

Original source

https://openai.com/index/our-agreement-with-the-department-of-war/

Frequently Asked Questions

Why did OpenAI engage with the Department of War?

OpenAI engaged to equip the U.S. military with advanced AI capabilities, recognizing the increasing integration of AI by potential adversaries. This partnership is contingent on establishing robust safeguards, which OpenAI meticulously developed to ensure responsible deployment in classified environments. The goal is to provide cutting-edge tools while upholding strict ethical principles, demonstrating that sophisticated AI can be leveraged for national security without compromising fundamental safety and privacy standards. Furthermore, OpenAI aimed to de-escalate tensions between the DoD and AI labs, advocating for broader access to these carefully structured terms for other companies.

What specific guardrails are in place to prevent domestic surveillance?

The agreement explicitly prohibits the intentional use of OpenAI's AI systems for domestic surveillance of U.S. persons or nationals, aligning with the Fourth Amendment, National Security Act of 1947, and FISA Act of 1978. This includes a strict ban on deliberate tracking, monitoring, or the use of commercially acquired personal or identifiable information for such purposes. Crucially, the Department of War affirmed that intelligence agencies like the NSA would require a separate agreement for any service, reinforcing these limitations and providing multiple legal and contractual layers of protection against misuse.

How does this agreement prevent the use of OpenAI models for autonomous weapons?

Prevention is multi-faceted. Firstly, the deployment architecture is cloud-only, meaning models cannot be deployed on 'edge devices' critical for autonomous lethal weapons. Secondly, the contract language specifically states that the AI system will not be used to independently direct autonomous weapons where human control is required. It also mandates rigorous verification, validation, and testing as per DoD Directive 3000.09. Lastly, cleared OpenAI personnel, including safety and alignment researchers, remain in the loop, providing an additional layer of human oversight and assurance that these strict red lines are not crossed.

What makes OpenAI's agreement different or stronger than others, like Anthropic's?

OpenAI believes its agreement offers stronger guarantees and safeguards due to its multi-layered approach. Unlike some other agreements that might rely solely on usage policies, OpenAI's contract ensures that its proprietary safety stack remains fully operational and under its control. The cloud-only deployment architecture inherently restricts certain high-risk applications, such as fully autonomous weapons, which typically require edge deployment. Furthermore, the continuous involvement of cleared OpenAI personnel provides active human oversight and verification, creating a more robust framework against unacceptable uses, which they argue surpasses earlier agreements.

What role do OpenAI personnel play in ensuring compliance?

Cleared OpenAI personnel, including forward-deployed engineers and safety and alignment researchers, play a critical 'in the loop' role. They help the government integrate the technology responsibly while actively monitoring for adherence to the established red lines. This direct involvement allows OpenAI to independently verify that the system is not being used for prohibited activities, such as domestic surveillance or autonomous weapons control. Their ongoing presence ensures that safety guardrails are maintained, and models are continuously improved with safety and alignment as core priorities, providing an additional layer of technical and ethical assurance.

What happens if the Department of War violates the agreement?

In the event of a violation, as with any contractual agreement, OpenAI retains the right to terminate the contract. This serves as a significant deterrent, ensuring that the Department of War adheres strictly to the agreed-upon terms and conditions. The termination clause underscores the seriousness of the safety guardrails and red lines established within the agreement, demonstrating OpenAI's commitment to upholding its ethical principles even in high-stakes national security contexts. While OpenAI does not anticipate such a breach, the contractual provision provides a clear recourse.

Will future changes in law or policy affect the agreement's protections?

No, the agreement is designed to be resilient against future changes in law or policy. It explicitly references current surveillance and autonomous weapons laws and policies, such as the Fourth Amendment, National Security Act, FISA Act, and DoD Directive 3000.09, as they exist today. This means that even if these laws or policies were to be altered in the future, the use of OpenAI's systems under this contract must still comply with the stringent standards reflected in the original agreement. This forward-thinking clause provides a strong, enduring layer of protection against potential erosion of safeguards.

Stay Updated

Get the latest AI news delivered to your inbox.