Huh, does supply-chain risk mean SecDef can bar a company from all federal contracting?

Correct. And this quickly expands out into most companies in the US as the federal government uses and buys a huge amount of software. A component that you make and sell to X, that is used in Y, which is bundled up in Z that had Anthropic used on it can't be used by the fed.gov.

I have no idea but this went out to all fed agencies from what I could tell looking at the subreddit for fed employees. I was surprised by the notice because my agency does not have a contract with them and obviously we can’t just use any LLM provider.