
Shares of Palantir, "the hottest AI stock," plummet after reports that the U.S. military says "the system has vulnerabilities," calling the "Silicon Valley model" into question
"We cannot control who can see what, we cannot see what users are doing, and we cannot verify whether the software itself is secure."
This stern warning from an internal memorandum of the U.S. Army directly led to a flash crash in the stock price of Palantir, Wall Street's "hottest AI stock," making it the worst-performing component of the S&P 500 that day. It is worth mentioning that over the past three years, the stock has risen by an astonishing factor of more than 20.
The crisis was triggered by a media report on September 30 revealing an internal assessment memorandum signed by U.S. Army Chief Technology Officer (CTO) Gabriele Chiulli on September 5. The memorandum targeted the "Next Generation Command and Control System" (NGC2) prototype led by Anduril, with participation from Palantir and Microsoft, which connects soldiers, sensors, vehicles, and commanders with real-time data.
The memorandum pointed out "fatal flaws" in the system's basic security controls regarding permissions, logs, and third-party applications, and concluded that the system must therefore be regarded as "very high risk."
Palantir, project leader Anduril, and the U.S. military issued urgent statements claiming that the memorandum's content was "outdated" and that the issues had long been resolved; Army General Jeth Rey even viewed the early detection of risks as "good news."
However, the official consensus of "manageable risks" clearly failed to fully alleviate investors' concerns over the memorandum's stark warnings. The content disclosed in the report has sparked doubts and reflections in the capital markets about whether Silicon Valley's "rapid action and breaking conventions" model is suitable for defense scenarios.

"Out of Control" System: The "Fatal Flaws" Revealed in the Memorandum
The core accusation of the memorandum pointed directly to the "fatal flaws" in the system's basic security controls. It warned that the platform had "serious deficiencies in basic security controls, processes, and governance," making it vulnerable to "internal threats, external attacks, and data breaches." Its conclusion was that, given the possibility of adversaries gaining "persistent and undetectable access," the system must be regarded as "very high risk."
Among the most shocking descriptions was: "We cannot control who can see what, we cannot see what users are doing, and we cannot verify whether the software itself is secure."
The memorandum further listed specific vulnerabilities:
- Permission Control Failure: The system allows "any authorized user to access all applications and data, regardless of their security clearance level or operational need," meaning users at any level may have access to the highest level of sensitive information.
- Tracking Deficiency: The system lacks corresponding operational logs to track user behavior, making it difficult to trace back in the event of data breaches or misuse.
- Third-Party Application Risks: The system hosts third-party applications that have not undergone Army security assessments, one of which was found to have 25 high-risk code vulnerabilities, and three other applications each contain over 200 vulnerabilities awaiting assessment.
In stark contrast to the severe warnings in internal memos, Anduril is actively portraying a picture of great success for the NGC2 system in its public promotions. According to an article published on its official website on September 30, the company prominently showcased the system's outstanding performance during a live-fire exercise at Fort Carson, Colorado:
"Soldiers executed 26 live-fire missions using the M777 howitzer at the live-fire range in Fort Carson, with the AXS system operating alongside traditional teams. The comparison is clear: one team struggled with delays, while the other completed digital firing in seconds."
“Silicon Valley Speed” Collides with the Pentagon’s “Security Red Line”
This incident touches directly on long-standing concerns in the defense sector about the "Silicon Valley model." Critics argue that the tech industry's philosophy of "moving fast and breaking things" may not be the best development direction for critical military equipment.
New defense tech elites represented by Palantir and Anduril have gained favor with the Pentagon by promising to deliver cutting-edge technology faster and more economically than traditional military giants. For instance, Anduril delivered the NGC2 prototype just eight weeks after winning the contract, exemplifying this "Silicon Valley speed."
U.S. Army Chief Information Officer Garciga also acknowledged that the military is trying to deliver new tools to soldiers "much faster than historically." However, the serious security issues exposed by the NGC2 prototype undoubtedly serve as a wake-up call to this speed-over-all philosophy.
Nevertheless, Garciga affirmed Palantir's position, calling it "the core platform for current operational capabilities and readiness," and laying the groundwork for the Army's future artificial intelligence efforts.

