新未名空间

Anduril and Palantir battlefield communication system has deep flaws, Army memo says
Oct 3, 2025, 06:00 GMT-4Refinitiv2 min read

By Mike Stone

The much-needed modernization of the U.S. Army's battlefield communications network being undertaken by Anduril, Palantir
PLTR
and others is rife with "fundamental security" problems and vulnerabilities, and should be treated as a "very high risk," according to a recent internal Army memo.

The two Silicon Valley companies, led by allies of U.S. President Donald Trump, have gained access to the Pentagon's lucrative flow of contracts on the promise of quickly providing less expensive and more sophisticated weapons than the Pentagon's longstanding arms providers.

But the September memo from the Army's chief technology officer about the NGC2 platform that connects soldiers, sensors, vehicles and commanders with real-time data paints a bleak picture of the initial product.

"We cannot control who sees what, we cannot see what users are doing, and we cannot verify that the software itself is secure," the memo says.

Palantir and Anduril did not comment for this story.

The assessment, seen by Reuters and first reported by Breaking Defense, comes just months after defense drone and software maker Anduril was awarded a $100 million to create a prototype of NGC2 with partners including Palantir, Microsoft and several smaller contractors.

The Army should treat the NGC2 prototype version as “very high risk” because of the “likelihood of an adversary gaining persistent undetectable access," wrote Gabrielle Chiulli, the Army chief technology officer authorizing official.

Despite the early September memo's scathing critique, Leonel Garciga, Army chief information officer and Chiulli's supervisor, said in a statement to Reuters that the report was part of a process that helped in "triaging cybersecurity vulnerabilities" and mitigating them.

In March, the 4th Infantry Division used the system in live-fire artillery training at Fort Carson, Colorado, in an exercise Anduril described as demonstrating faster and more reliable performance than legacy systems.

The Army memo identifies some major security gaps.

The report says the system allows any authorized user to access all applications and data regardless of their clearance level or operational need. As a result, "Any user can potentially access and misuse sensitive" classified information, the memo states, with no logging to track their actions.

Other deficiencies highlighted in the memo include the hosting of third-party applications that have not undergone Army security assessments. One application revealed 25 high-severity code vulnerabilities. Three additional applications under review each contain over 200 vulnerabilities requiring assessment, according to the document.

又要爆拉了

要开始吹风了？

勇敢的小猫咪 写了： 2025年 10月 3日 10:12

要开始吹风了？

不知道啥意图。多空都做不得。

居然对太上皇Peter Thiel大不敬，you are fired

暴跌，要不要接飞刀

主要问题；
“"We cannot control who sees what, we cannot see what users are doing, and we cannot verify that the software itself is secure," the memo says”

确实是一个问题。一旦有人闯入系统，就会神不知鬼不觉。

cokecoke 写了： 2025年 10月 3日 10:22

暴跌，要不要接飞刀

$100也不迟，嘿嘿

空了半导体，空了 RGTI。我是反指，欢迎大家跟我反着做。

QUBT 空不了，券商不让买 puts。

疮翁这些人和金主
一是操纵股市搞钱第一
二是皮肤肤色第一
除了填个人腰包能搞出来什么好东西？

QiongGui 写了： 2025年 10月 3日 10:25

空了半导体，空了 RGTI。我是反指，欢迎大家跟我反着做。

QUBT 空不了，券商不让买 puts。

熊套就熊套了，又加了 HIMS puts 下周五的。

QiongGui 写了： 2025年 10月 3日 10:25

空了半导体，空了 RGTI。我是反指，欢迎大家跟我反着做。

QUBT 空不了，券商不让买 puts。

不会啊？你买什么时候到期的

no4everlove 写了： 昨天 02:45

２０２５．１０．１７

QiongGui 写了： 2025年 10月 3日 10:25

空了半导体，空了 RGTI。我是反指，欢迎大家跟我反着做。

QUBT 空不了，券商不让买 puts。

跟了量子计算的扑 下周物理奖有可能是量子计算

基本上是dod内部的IT运营管理问题，不是软件问题，修修rbac和logging就好了

美国的所有系统，被包裹上一层咖喱以后，都是那种屎黄屎黄的样式。

于无声处听惊雷。更大规模的爆炸，会层出不穷。

QiongGui 写了： 2025年 10月 3日 10:12

Anduril and Palantir battlefield communication system has deep flaws, Army memo says
Oct 3, 2025, 06:00 GMT-4Refinitiv2 min read

By Mike Stone

The much-needed modernization of the U.S. Army's battlefield communications network being undertaken by Anduril, Palantir
PLTR
and others is rife with "fundamental security" problems and vulnerabilities, and should be treated as a "very high risk," according to a recent internal Army memo.

The two Silicon Valley companies, led by allies of U.S. President Donald Trump, have gained access to the Pentagon's lucrative flow of contracts on the promise of quickly providing less expensive and more sophisticated weapons than the Pentagon's longstanding arms providers.

But the September memo from the Army's chief technology officer about the NGC2 platform that connects soldiers, sensors, vehicles and commanders with real-time data paints a bleak picture of the initial product.

"We cannot control who sees what, we cannot see what users are doing, and we cannot verify that the software itself is secure," the memo says.

Palantir and Anduril did not comment for this story.

The assessment, seen by Reuters and first reported by Breaking Defense, comes just months after defense drone and software maker Anduril was awarded a $100 million to create a prototype of NGC2 with partners including Palantir, Microsoft and several smaller contractors.

The Army should treat the NGC2 prototype version as “very high risk” because of the “likelihood of an adversary gaining persistent undetectable access," wrote Gabrielle Chiulli, the Army chief technology officer authorizing official.

Despite the early September memo's scathing critique, Leonel Garciga, Army chief information officer and Chiulli's supervisor, said in a statement to Reuters that the report was part of a process that helped in "triaging cybersecurity vulnerabilities" and mitigating them.

In March, the 4th Infantry Division used the system in live-fire artillery training at Fort Carson, Colorado, in an exercise Anduril described as demonstrating faster and more reliable performance than legacy systems.

The Army memo identifies some major security gaps.

The report says the system allows any authorized user to access all applications and data regardless of their clearance level or operational need. As a result, "Any user can potentially access and misuse sensitive" classified information, the memo states, with no logging to track their actions.

Other deficiencies highlighted in the memo include the hosting of third-party applications that have not undergone Army security assessments. One application revealed 25 high-severity code vulnerabilities. Three additional applications under review each contain over 200 vulnerabilities requiring assessment, according to the document.

系统的安全漏洞和访问控制问题如果能检测出来就基本上都能解决，影响的是系统的交付时间。 根据Palantir的声明，他们自己的平台没有安全问题。Anduril的声明说这些是早期发现的安全漏洞，现在已经整改完毕。（不过系统的authentication和authorization部分都没有，还需要客户来反馈，这个主要的集成商，看起来是Andruil, 有很大的责任。 ）
所以对PLTR不会有很大的影响, 最多就是推迟部分营收的确认。核心就是这个系统的功能对用户有没有用。有用的话就会推广使用，从而增加营收。

QiongGui 写了： 2025年 10月 3日 10:12

Anduril and Palantir battlefield communication system has deep flaws, Army memo says
Oct 3, 2025, 06:00 GMT-4Refinitiv2 min read

By Mike Stone

The much-needed modernization of the U.S. Army's battlefield communications network being undertaken by Anduril, Palantir
PLTR
and others is rife with "fundamental security" problems and vulnerabilities, and should be treated as a "very high risk," according to a recent internal Army memo.

The two Silicon Valley companies, led by allies of U.S. President Donald Trump, have gained access to the Pentagon's lucrative flow of contracts on the promise of quickly providing less expensive and more sophisticated weapons than the Pentagon's longstanding arms providers.

But the September memo from the Army's chief technology officer about the NGC2 platform that connects soldiers, sensors, vehicles and commanders with real-time data paints a bleak picture of the initial product.

"We cannot control who sees what, we cannot see what users are doing, and we cannot verify that the software itself is secure," the memo says.

Palantir and Anduril did not comment for this story.

The assessment, seen by Reuters and first reported by Breaking Defense, comes just months after defense drone and software maker Anduril was awarded a $100 million to create a prototype of NGC2 with partners including Palantir, Microsoft and several smaller contractors.

The Army should treat the NGC2 prototype version as “very high risk” because of the “likelihood of an adversary gaining persistent undetectable access," wrote Gabrielle Chiulli, the Army chief technology officer authorizing official.

Despite the early September memo's scathing critique, Leonel Garciga, Army chief information officer and Chiulli's supervisor, said in a statement to Reuters that the report was part of a process that helped in "triaging cybersecurity vulnerabilities" and mitigating them.

In March, the 4th Infantry Division used the system in live-fire artillery training at Fort Carson, Colorado, in an exercise Anduril described as demonstrating faster and more reliable performance than legacy systems.

The Army memo identifies some major security gaps.

The report says the system allows any authorized user to access all applications and data regardless of their clearance level or operational need. As a result, "Any user can potentially access and misuse sensitive" classified information, the memo states, with no logging to track their actions.

Other deficiencies highlighted in the memo include the hosting of third-party applications that have not undergone Army security assessments. One application revealed 25 high-severity code vulnerabilities. Three additional applications under review each contain over 200 vulnerabilities requiring assessment, according to the document.

QiongGui 写了： 2025年 10月 3日 10:25

空了半导体，空了 RGTI。我是反指，欢迎大家跟我反着做。

QUBT 空不了，券商不让买 puts。

当红辣子鸡RGTI 的全球总部，有点磕碜
775 Heinz Avenue, Berkeley, California 94710, United States.

一年股价翻了五六十倍，有了钱全球广纳贤才。

https://www.linkedin.com/company/rigetti-computing

出了qbts，其他都是ppt。

cboe 写了： 昨天 18:19

当红辣子鸡RGTI 的全球总部，有点磕碜
775 Heinz Avenue, Berkeley, California 94710, United States.

一年股价翻了五六十倍，有了钱全球广纳贤才。

https://www.linkedin.com/company/rigetti-computing