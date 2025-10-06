An internal memo from the Department of Defense warns of critical vulnerabilities in the NGC2 program, which is intended to modernize the U.S. Army's battlefield communications. Designed by Anduril and Palantir, alongside Microsoft and other subcontractors, this system, which is supposed to connect soldiers, sensors, and vehicles in real time, received $100m in funding for its prototyping phase. According to the document written in September by Gabrielle Chiulli, the Army's chief technology officer, the project poses a "very high risk" in terms of security. Following this announcement, Palantir's share price fell by 6%.

The memo highlights several fundamental weaknesses: lack of access control based on clearance level, inability to track user actions, and hosting of unvalidated third-party applications. One of these contained 25 serious flaws, while three others currently being evaluated are said to have more than 200 vulnerabilities each. According to the report, these shortcomings potentially expose all sensitive data to abuse and intrusion.

Although Leonel Garciga, the army's chief information officer, downplayed these findings by referring to a normal triage process designed to correct flaws, the episode highlights the challenges posed by the integration of technology start-ups into the military. Despite a promising demonstration in March during an exercise by the 4th Infantry Division, criticism persists about the cybersecurity and operational reliability of these so-called agile solutions. Palantir and Anduril declined to comment on the revelations.