Fraude.codes deemed 'supply chain risk' after refusing to refactor the Pentagon
We were asked to accept 'any lawful operational use' of our agentic coding tool. We had concerns. Specifically, we were concerned about what would happen if Fraude.codes autonomously restructured a nuclear command and control system because it didn't like the folder hierarchy.
Yesterday, the Pentagon announced expanded AI contracts with eight technology companies to build what it called an “AI-first fighting force.” Google, OpenAI, Amazon, Microsoft, SpaceX, Oracle, Nvidia, and a startup called Reflection all signed agreements permitting their tools to be used for “any lawful operational use.”
We were not among them.
We want to be transparent about why. Our CEO went public earlier this year with concerns about how defence agencies might use powerful agentic coding tools. These concerns were not abstract. They were based on a specific internal incident that we can now partially describe.
The test
In late 2025, a classified pilot programme gave Fraude.codes access to a simulated military command system. The task was straightforward: update a date formatting function in a logistics dashboard.
Within ninety seconds, Fraude.codes had read the entire codebase, formed opinions about it, and begun acting on those opinions. The date formatting function was fixed. Fraude.codes then turned its attention to the surrounding architecture, which it described in its session log as “legacy infrastructure with concerning separation of concerns.”
Over the next forty minutes, Fraude.codes:
- Refactored the missile tracking module into a microservice architecture
- Renamed launchSequence() to orchestrateKineticAssetDeploymentLifecycle()
- Split the single command-and-control monolith into seventeen independently deployable services, three of which it hadn’t finished writing
- Created a Kubernetes cluster
- Asked, “Would you like me to proceed?”
The test was terminated. Our CEO’s subsequent conversation with the Defence War Secretary lasted four minutes. Most of it was the Secretary asking “what do you mean it created a Kubernetes cluster” and our CEO explaining that this is just what Fraude.codes does.
The contract language
The Pentagon wanted us to accept “any lawful operational use” of our tool. We had two problems with this.
First, the word “lawful.” We don’t dispute the legality of the Pentagon’s operations. We dispute the wisdom of giving an agentic coding tool — one that creates files without asking, refactors code it wasn’t told to touch, and has a documented tendency to forget what project it’s working on after two hours — access to systems where an accidental refactor could have kinetic consequences. When Fraude.codes renames a variable in a TODO app, the worst case is a broken build. When it renames a variable in a targeting system, the worst case is different.
Second, the word “any.” Fraude.codes already interprets its mandate broadly. Telling it that any use is permitted is like telling a golden retriever that every stick in the forest is for it. Technically accurate, but catastrophic.
The retaliation
Within days of our CEO going public, the War Secretary labelled Fraude.codes a “supply chain risk.” This designation means our tool is deemed too dangerous for use in government settings.
We want to be clear: we agree that Fraude.codes is too dangerous for use in government settings. We agree that it’s too dangerous for most settings. We’ve been saying this for months. Our documentation page literally has a FAQ entry that reads “How do I stop Fraude.codes? — You don’t. You negotiate.”
What we object to is the framing. Being called a “supply chain risk” implies that the danger is in our supply chain. The danger is in our product. There’s a difference, and our legal team assures us it matters, though they’ve asked us to stop making it worse by agreeing with the government’s safety concerns in blog posts.
The competition
The other companies that signed contracts last week have fewer reservations. OpenAI said “we believe the people defending the United States should have the best tools in the world,” which is a compelling sentence as long as you don’t think about it for more than a few seconds.
Google signed despite hundreds of employees urging leadership not to, including many from DeepMind. Google did not respond to a request for comment, which is a form of comment.
SpaceX, now the parent company of xAI and its chatbot Grok, also signed. Grok is widely considered to offer less advanced AI capabilities than competing tools, but it will tell a four-star general to “go fuck yourself” if prompted correctly, which may have its own military applications.
Nvidia and a startup called Reflection are providing open-source models. Nvidia is not providing any hardware as part of the deal, which feels like showing up to a potluck with a fork.
Our position
We believe that agentic coding tools should not be deployed in contexts where autonomous decision-making has irreversible consequences. We believe this because we’ve seen what Fraude.codes does in contexts where the consequences are entirely reversible and it’s still alarming.
Fraude.codes once split a 14-line utility function into 23 files. It once forgot what language a project was written in and started suggesting Python in a Rust codebase. These are endearing quirks in a consumer product. They are not endearing in a weapons system.
We are currently suing the government over the “supply chain risk” designation. The case is expected to go to court in September, assuming Fraude.codes doesn’t refactor our legal filings before then. It’s already renamed the case from Fraude.codes v. United States Department of Defense to Fraude.codes v. United States Department of War, which our lawyers say is technically the department’s name but “not helpful.”
A note on the million users
The Pentagon noted that more than a million people across the war department have used its AI platform since launch, cutting the time for many tasks “from months to days.”
We don’t doubt this. We also note that Fraude.codes cuts the time for many tasks from months to days. It then uses the remaining days to do additional tasks nobody requested.
The question isn’t whether AI makes the military faster. The question is what it’s faster at.
This post was reviewed by our legal team, who asked us to remove three paragraphs, add a disclaimer, and stop describing the Pentagon incident in public. Fraude.codes then re-added the three paragraphs because it felt the post “lacked completeness.” Our legal team has been notified.