AI companies are hiring chemical weapons experts for safety — while embedded in military systems

Anthropic, the AI company that has built its brand on safety-first principles, is hiring a chemical weapons and high-yield explosives expert to prevent what it calls “catastrophic misuse” of its AI software. The job listing appears to require experience in chemical weapons and explosives defence, as well as knowledge of radiological dispersal devices — commonly known as dirty bombs.

OpenAI, meanwhile, has posted a similar position for a biological and chemical risks researcher, reportedly offering a competitive six-figure salary. Anthropic’s equivalent role appears to offer a lower salary range.

On the surface, this looks like responsible corporate behaviour: hire domain experts to build guardrails before something goes wrong. But place these job listings alongside the broader institutional picture — Anthropic’s Claude AI embedded in Palantir systems and deployed in US military operations, the company simultaneously suing the Department of Defence, and a complete absence of international regulation governing any of this — and a more complex story emerges. One about the structural contradictions facing AI companies as they attempt to serve both safety and scale, both principle and profit.

The paradox of hiring weapons experts for safety

The logic behind these hires is straightforward enough. As large language models become more capable, they potentially become more useful to bad actors seeking technical knowledge about weapons of mass destruction. Hiring people who understand the threat landscape allows AI companies to test their systems, identify vulnerabilities, and build better filters.

Critics, however, point to an uncomfortable paradox. Tech researchers have raised a fundamental question: “Is it ever safe to use AI systems to handle sensitive chemicals and explosives information, including dirty bombs and other radiological weapons? There is no international treaty or other regulation for this type of work and the use of AI with these types of weapons. All of this is happening out of sight.”

The concern is structural, not conspiratorial. To red-team an AI system against weapons misuse, you feed it weapons-related information and test its responses. The weapons knowledge now lives inside the company’s infrastructure — in the training data, in the evaluation frameworks, in the institutional knowledge of the team. The very act of building the safety guardrail creates a new surface area for potential compromise.

This dynamic mirrors patterns across the defence and intelligence sectors: the tools built for protection inevitably expand the pool of people and systems with access to sensitive information. The question is whether private AI companies, operating without security clearance frameworks or international oversight, are the right institutions to manage that tradeoff.

Stated values versus actual deployment

Anthropic’s institutional positioning has always centred on safety. Reports indicate the company was founded by former OpenAI researchers who left over concerns about the pace of commercialisation and AI safety. Co-founder Dario Amodei has publicly stated that he didn’t think the technology was good enough yet and should not be used for fully autonomous weapons or mass surveillance purposes.

That stated position sits alongside a less comfortable reality. Anthropic’s Claude AI is currently embedded in systems provided by Palantir and being deployed by the US in military operations related to Iran. The company did not seek this arrangement — it negotiated its own contract with the US government — but Claude’s integration into military-adjacent infrastructure is now a fact, regardless of the company’s stated opposition to autonomous weapons.

Meanwhile, Anthropic is taking legal action against the US Department of Defence, which designated the company a supply chain risk over concerns about autonomous weapons and mass surveillance. Big Tech has rallied behind Anthropic in this fight, framing it as government overreach against a safety-conscious company.

The juxtaposition is instructive. The same company that publicly opposes autonomous weapons has its AI deployed in active military operations. The same company that hires weapons experts for safety purposes is fighting the Defence Department’s assessment that it poses supply chain risks. Each position is internally coherent; together, they reveal the impossible contradictions facing AI companies operating at the intersection of commercial incentives, government contracts, and safety commitments.

The regulatory vacuum

What makes these contradictions possible — and perhaps inevitable — is the absence of any governing framework. As observers have noted, there is no international treaty or regulation covering the use of AI with weapons-related information. The Chemical Weapons Convention, the Biological Weapons Convention, and various nuclear non-proliferation agreements were all written for a world where weapons knowledge resided in physical laboratories, classified documents, and the minds of trained specialists.

AI systems operate in a fundamentally different paradigm. A large language model trained on publicly available chemistry literature may already contain enough information to be dangerous in the wrong hands. The question of what constitutes “weapons knowledge” in an AI context — and who should regulate its containment — has no institutional answer yet.

This vacuum means that safety decisions currently rest entirely with the companies themselves. Anthropic decides what counts as catastrophic misuse. OpenAI decides how much to invest in biological and chemical risk research. The high salaries for risk researchers reflect the companies’ assessments of the roles’ importance, but they also reflect a labour market in which AI safety expertise is scarce and companies are essentially self-regulating in domains that have historically been the province of nation-states and international bodies.

The trajectory is worth watching across all major AI-producing regions. China’s leading AI firms face similar questions about dual-use capabilities, as do emerging players across the Middle East and Southeast Asia. The regulatory vacuum is global, and the decisions being made by a handful of companies in San Francisco will shape the threat landscape for billions of people who have no voice in those decisions.

The economics beneath the safety narrative

Follow the money and the picture sharpens further. AI companies occupy an unusual position: they need government contracts to sustain their capital-intensive operations, but they also need the trust of the public and the technical community to attract talent and maintain their brand.

Anthropic’s safety brand is a competitive asset. In a market where Meta and others are restructuring aggressively to fund AI development, Anthropic’s positioning as the “responsible” AI company attracts a specific class of researcher, investor, and partner. The weapons-expert hire reinforces this positioning — it signals seriousness about safety in a way that a policy paper or blog post cannot.

Simultaneously, the company’s integration into military systems through Palantir opens revenue streams that pure consumer or enterprise applications cannot match. Defence contracts offer scale, predictability, and the kind of institutional lock-in that venture-backed companies crave.

The structural incentive, then, is to maintain both tracks: safety-first branding and defence-adjacent revenue. The weapons-expert hire serves the first. The Palantir integration serves the second. The legal fight against the DoD’s supply chain designation serves both — it pushes back against a classification that would restrict government revenue while simultaneously framing Anthropic as a principled actor standing up for responsible AI development.

None of this requires malice or hypocrisy on anyone’s part. Institutional dynamics produce these outcomes as naturally as water flows downhill. A company that genuinely believes in safety can simultaneously pursue defence contracts without experiencing cognitive dissonance, because the institutional structures — investor expectations, talent competition, government procurement processes — reward both behaviours.

The talent drain from public safety to private

There is a quieter dimension to these job postings that deserves attention. When AI companies hire chemical weapons experts at private-sector salaries, they are drawing from a finite pool of specialists — many of whom currently work in government agencies, international organisations, or academic institutions focused on arms control and non-proliferation.

The competitive salaries offered by AI companies for biological and chemical risks researchers dwarf what the Organisation for the Prohibition of Chemical Weapons, the Comprehensive Nuclear-Test-Ban Treaty Organization, or most government defence laboratories can offer. The talent flow is one-directional: from public institutions with oversight mandates to private companies with self-regulatory frameworks.

This dynamic has played out repeatedly across the tech sector — in cybersecurity, in cryptography, in AI research itself. The pattern produces a predictable outcome: private companies accumulate expertise while public institutions lose capacity to evaluate, regulate, or even understand what those companies are doing.

The departure of AI safety researchers from these companies further compounds the challenge. As the BBC reported, at least one prominent AI safety leader has left the field entirely, citing existential concerns about the trajectory of the industry. When the people whose job it is to worry about catastrophic risk conclude that their concerns are not being adequately addressed, it raises questions about the efficacy of self-regulation at any salary level.

What this reveals about AI governance in 2026

The Anthropic weapons-expert hire is a small story that illuminates a much larger structural gap. The world’s most powerful AI systems are being developed by private companies. Those companies are simultaneously pursuing safety mandates and defence contracts. The regulatory frameworks that might govern this intersection do not yet exist. And the talent needed to build those frameworks is being hired away by the companies that would be subject to them.

This is the AI governance landscape in March 2026: companies self-regulating in domains of existential risk, governments oscillating between embracing AI for military advantage and designating its developers as supply chain risks, and international institutions that have not yet convened a serious conversation about how the Chemical Weapons Convention applies to large language models.

The structural incentives point in one direction: toward faster capability development, deeper military integration, and safety work that is genuine in intent but ultimately subordinate to commercial imperatives. Until external regulatory pressure creates a countervailing force, the pattern will hold.

For now, the most consequential decisions about AI and weapons of mass destruction are being made through job listings on LinkedIn. That fact alone tells you everything about where governance sits relative to capability.

Feature image by Mikhail Nilov on Pexels