Elevator Pitch

• An internal Army memo warns that the new battlefield communication system developed by Anduril and Palantir is plagued by major security vulnerabilities, posing a “very high risk” to military operations.

Key Takeaways

• The NGC2 platform, central to the Army’s communications modernization, allows broad data access without proper controls, risking exposure of sensitive information.
• The system lacks user activity tracking and includes unvetted third-party apps with hundreds of software vulnerabilities.
• Despite a successful live-fire exercise, Army leadership acknowledges the system’s flaws and is working to address cybersecurity concerns.

Most Memorable Aspects

• The memo states, “We cannot control who sees what, we cannot see what users are doing, and we cannot verify that the software itself is secure.”
• High-severity vulnerabilities were found in both core and third-party applications, with some apps containing over 200 issues.
• The NGC2 prototype was labeled "very high risk" due to the possibility of undetectable adversary access.

Direct Quotes

• “We cannot control who sees what, we cannot see what users are doing, and we cannot verify that the software itself is secure.”
• “Any user can potentially access and misuse sensitive classified information, with no logging to track their actions.”
• The Army should treat the NGC2 version as “very high risk” because of the “likelihood of an adversary gaining persistent undetectable access.”