"Red-hot AI stock Palantir plunges as reports say the U.S. military claims 'the system has vulnerabilities,' questioning the 'Silicon Valley model.'"
“We cannot control who can see what, we cannot see what users are doing, and we cannot verify whether the software itself is secure.”
This sternly worded warning from an internal U.S. Army memorandum was the direct cause of a sharp drop in Wall Street's "hottest AI stock," Palantir, making it the worst-performing component of the S&P 500 index that day. Notably, over the past three years the stock had posted an astonishing gain of more than 20 times in value.
The crisis was triggered after media revealed on September 30 a memorandum signed on September 5 by the U.S. Army’s Chief Technology Officer (CTO) Gabriele Chiulli. The memo targeted the "Next Generation Command and Control System" (NGC2) prototype led by Anduril, with participation from Palantir, Microsoft, and others—a platform connecting soldiers, sensors, vehicles, and commanders to real-time data.
The memorandum directly pointed out that the system had "fatal flaws" in basic security controls such as permissions, logging, and third-party applications, and must therefore be considered "very high risk."
Palantir, lead project partner Anduril, and the U.S. military quickly issued statements calling the memorandum "outdated" and claiming the issues had long since been resolved. Army Lieutenant General Jeth Rey even characterized the early identification of risks as "good news."
However, the official consensus that "risks are controllable" clearly failed to fully allay investor concerns over the explicit warnings in the memorandum. The disclosed contents have prompted doubts and reflection in the capital markets about whether Silicon Valley's "move fast and break things" model is suitable for defense scenarios.

“Out-of-control” systems: the “fatal flaws” revealed by the memo
On September 30, media disclosed an internal assessment memorandum signed on September 5 by U.S. Army CTO Gabriele Chiulli. The memo was directed at the NGC2 prototype led by Anduril, with Palantir, Microsoft, and others participating—the platform linking soldiers, sensors, vehicles, and commanders with real-time data.
The core accusation of the memo pointed directly to "fatal flaws" in the system's basic security controls. It warned that the platform had "serious deficiencies in basic security controls, processes, and governance," making it vulnerable to "insider threats, external attacks, and data breaches." Its conclusion: Given that adversaries could gain "persistent and undetectable access," the system must be regarded as "very high risk."
The most shocking passage in the memo was: “We cannot control who can see what, we cannot see what users are doing, and we cannot verify whether the software itself is secure.”
The memo further listed specific vulnerabilities:
- Permission control failure: The system allows “any authorized user to access all applications and data, regardless of their security clearance or operational needs,” meaning users of any level could access the highest level of sensitive information.
- Lack of tracking: The system lacks corresponding operation logs to track user behavior, making it difficult to trace data leaks or misuse after the fact.
- Third-party application risks: The system hosted third-party applications that had not undergone Army security assessments; one of them was found to have 25 high-risk code vulnerabilities, and three other apps each had more than 200 vulnerabilities pending assessment.
In stark contrast to the serious warning in the internal memorandum, Anduril was actively publicizing the NGC2 system’s success. According to an article on its website published September 30, the company prominently showcased the system’s outstanding performance in a live-fire exercise at Fort Carson, Colorado:
“Soldiers at Fort Carson's live-fire range used M777 howitzers to complete 26 live ammunition missions, with the AXS system operating side by side with traditional teams. The comparison was clear: one team struggled with delays, while the other could complete digital firing within seconds.”
“Silicon Valley speed” runs into the Pentagon’s “security red line”
This incident strikes directly at long-standing doubts about the “Silicon Valley model” in the defense sector. Critics believe the tech industry’s creed of “move fast and break things” may not be the best development approach for critical military equipment.
The new generation of defense tech companies, such as Palantir and Anduril, won the Pentagon’s favor by promising to deliver cutting-edge technology faster and more cheaply than traditional defense giants. For example, Anduril delivered the NGC2 prototype just eight weeks after winning the contract, the ultimate embodiment of “Silicon Valley speed.”
U.S. Army CIO Garciga also admitted that the military is trying to deliver new tools to soldiers “at a much faster pace than ever before.” However, the severe security problems exposed by the NGC2 prototype are undoubtedly a serious blow to the speed-first philosophy.
Still, Garciga acknowledged Palantir’s position, calling it the “core platform for current business capability and readiness,” and said it “lays the foundation” for the Army’s future AI work.