Palantir has denied rising security flaw concerns following an 8% decline in its stock price. The alleged vulnerabilities were reportedly found in Palantir, Anduril Industries and Microsoft’s joint venture called the Next Generation Command and Control (NGC2) system, leading to a drop in Palantir’s stock price.
Palantir Technologies Inc. rejected claims that its battlefield communications platform suffers from major security flaws after an internal U.S. Army memo warning of “very high risk” vulnerabilities sparked investor concerns and sent its stock tumbling on Friday.
Palantir , along with the defense technology firm Anduril Industries Inc. and partners including Microsoft Corp., is building the Army’s Next Generation Command and Control (NGC2) system. The platform is designed to connect soldiers, vehicles, commanders, and sensors with real-time data.
But a September 5 memo from Army Chief Technology Officer Gabriele Chiulli raised serious red flags, saying the prototype system contained “fundamental security” problems that left it vulnerable to insider threats, external attacks, and data misuse. The document concluded that the platform should be treated as “very high risk” in its current form.
Palantir has rejected claims of a security flaw
Palantir shares fell more than 8% on Friday, their steepest decline in a day since August, before partially recovering. The company, which has enjoyed a stock rise of over 2,000% in the past three years under President Donald Trump’s administration, was quick to push back on the report.
“The concerns raised in the September 5 Army memo were addressed as part of the normal development process. No vulnerabilities were found in the Palantir platform.” A Palantir spokesperson said in a statement .
Anduril, which is privately held but eyeing an eventual IPO, also dismissed the report. The company said the memo reflected “an outdated snapshot, not the current state of the program,” stressing that risks are routinely identified early and resolved before systems are deployed in the field.
Palantir and Anduril are both riding a wave of lucrative Pentagon contracts under Trump. Palantir recently secured a $480M deal for Maven, an artificial intelligence system designed to analyze battlefield imagery and sensor data, while Anduril signed a $159M contract to develop night vision and mixed reality gear under the Soldier Borne Mission Command program.
‘Very high risk’ concerns
Anduril boasts of producing a working NGC2 prototype just eight weeks after winning the Army contract. In September, the company highlighted the system’s success in live-fire exercises at Fort Carson, Colorado. Soldiers using NGC2 reportedly fired artillery missions in seconds compared with minutes for crews relying on legacy communications.
Supporters argue that this speed and flexibility are exactly what the U.S. military needs to maintain an edge over adversaries like China and Russia, but the leaked memo, first reported by defense news outlet Breaking Defense, paints a less optimistic picture.
The memo stated that the NGC2 prototype’s security posture meant that “any authorized user can potentially access and misuse sensitive classified information,” with no mechanisms in place to log or track their actions.
It also noted that third-party applications integrated into the platform had bypassed standard Army security assessments. One app was found to contain 25 high-severity code vulnerabilities, while three others each contained over 200 flaws awaiting review.
Perhaps most alarmingly, the memo said the Army could not verify whether the software itself was secure, who was accessing what data, or how user actions could be monitored.
“The likelihood of an adversary gaining persistent undetectable access to the platform requires the system be treated as very high risk,” Chiulli wrote.
However, Leonel Garciga, the Army’s Chief Information Officer and Chiulli’s supervisor, told Reuters that the findings were part of a structured process to “triage cybersecurity vulnerabilities” and strengthen the system before wider deployment.
Lieutenant General Jeth Rey echoed this view, saying, “This is a new capability coming in and we found a risk and we mitigated it right out the gate.”
The Army has not said whether the memo will affect the timeline for NGC2’s rollout, but officials insist the development process is designed to treat such problems early, not to reduce confidence in the technology.
Want your project in front of crypto’s top minds? Feature it in our next industry report, where data meets impact.
