A week ago I covered the fight happening in a federal courtroom in San Francisco. The Pentagon designated Anthropic a supply chain risk and moved to ban its AI from defense contracts. The case turned on whether the government can strip an AI company's safety guardrails by procurement fiat. Former federal judges filed briefs. The hearing drew national coverage.
While that courtroom fight was building, on February 19 the VA awarded a contract to deploy AI that listens to clinical conversations between veterans and their doctors at 130-plus medical centers nationwide. One bidder. No competition. No foreign influence review. Not because anyone forgot to check, but because the law requiring that review covers the Department of Defense. The VA is not DOD.
Five months before that contract was awarded, the software subcontractor sold its China business to a Chinese investment firm. Two months before it was awarded, the VA's own Inspector General reported that 3.3 million veteran records had been left unencrypted at a single facility.
No contracting officer was required to know either of those things. The procurement process did not ask.
Washington spent last week litigating whether Anthropic represents a supply chain risk to the Pentagon. This week, I want to show you what the actual supply chain looks like.
The math tells you everything
The Defense Counterintelligence and Security Agency is the federal body responsible for reviewing contractors for Foreign Ownership, Control, or Influence. It is currently scaling from 2,500 companies under review to a target of 43,000.
Its analyst team: approximately 80 people.
The agency cut 126 full-time positions this year under the executive order on workforce optimization. Its director retired in September 2025. His replacement, Justin Overbaugh, took over as Acting Director in November while simultaneously holding the position of Deputy Under Secretary of Defense for Intelligence and Security. At a February 2026 congressional hearing, Overbaugh submitted written testimony describing DCSA as being in an "identity crisis," an agency "cobbled together from disparate programs" that "never truly self-actualized." The House Oversight Committee's own hearing summary put the total projected cost of NBIS, the National Background Investigation Services IT system DCSA is building to run its vetting, at $4.6 billion, with the program nearly a decade behind schedule and $2.4 billion over its original budget.
At the projected pace of 4,300 reviews per year, clearing 43,000 companies would take a decade. That assumes full staffing, zero backlog growth, zero re-reviews, and flawless execution from day one.
The current framework and workforce are not designed for the scale and speed of modern AI-enabled acquisition.
And that is just the defense side.
Civilian agencies are not covered by the FOCI framework at all. The expanded oversight requirements, including Senator Joni Ernst's amendment to the FY2026 NDAA and Section 847 of the FY2020 NDAA, apply only to Department of Defense contracts. The agencies that hold some of the most sensitive personal data in government sit entirely outside the vetting perimeter.
The Pentagon has 80 analysts to review 43,000 companies. It deployed legal resources to designate Anthropic a supply chain risk in the same period it couldn't find a United Front Work Department-connected CEO making parts for the F-35. I am not making a political argument about the Anthropic case. I am pointing at the math.
S&L Aerospace
S&L Aerospace Metals is a Flushing, New York manufacturer that made parts for the F-35, the Black Hawk helicopter, the CH-53K King Stallion, and guided missile systems. Federal contract records show more than $18 million in direct prime awards from the Defense Logistics Agency. When subcontracts are included, reporting places the total near $60 million. The company held a seat on the DHS Critical Manufacturing Sector Security Council.
According to an investigation by the Daily Caller News Foundation published February 11, 2025, the CEO, Jerry Wang, holds documented positions in multiple United Front Work Department (UFWD) organizations, was photographed at CCP events alongside senior Party officials, and founded a U.S.-based nonprofit that operates under UFWD coordination.
The federal government did not discover this. A journalist did.
Senator Ernst wrote to Secretary Hegseth in March 2025 demanding cancellation of S&L's contracts. The House Select Committee on the CCP followed with a letter dated June 16, 2025. Chairman Moolenaar called the delay in implementing Section 847 of the FY2020 NDAA through the Defense Federal Acquisition Regulation Supplement (DFARS) an issue that "languished during the Biden Administration" and demanded that Section 847 be enforced.
As of today, no cancellation, suspension, or debarment has been confirmed. A DCSA spokesperson told the Daily Caller that the agency has not vetted S&L because "current law does not give DCSA the authority to do so."
The company that made parts for the F-35 is still waiting to hear whether the government will act.
The Pentagon relies on contractors to certify their own foreign connections. The SF-328 Certificate Pertaining to Foreign Interests is essentially a self-disclosure form.
Wang self-reported nothing. He made helicopter parts for two decades.
The intelligence community version of this gap is more significant. Jupiter Systems made video processing technology installed inside CIA and NSA facilities. In 2020, a Chinese company called Suirui International acquired Jupiter. Jupiter operated inside those facilities under Chinese ownership for five years before the Committee on Foreign Investment in the United States (CFIUS) acted. In July 2025, the President ordered divestiture. Suirui refused to comply. On February 9, 2026, DOJ filed the first-ever lawsuit to enforce a CFIUS divestment order.
Five years. Intelligence community infrastructure. The Chinese parent refused a presidential order. The government needed a first-of-its-kind lawsuit to get them to leave.
The insider threat does not always arrive through ownership. Peter Williams was the general manager of Trenchant, L3Harris's offensive cyber division. He stole at least eight zero-day exploits from air-gapped networks and sold them to a Russian cyber-weapons broker. He received $1.3 million in cryptocurrency and was sentenced February 24 to 87 months in federal prison.
The FBI found him. The vetting framework did not.
The nine percent
S&L Aerospace is not an isolated case. Govini's 2025 National Security Scorecard found that 9.3 percent of all Tier 1 defense subcontractors are Chinese firms. In missile defense, the figure is 11.1 percent. At the Tier 3 level, defense analysts estimate Chinese suppliers exceed 40 percent of the supply base.
The supply chain is not infiltrated in isolated spots. It is structurally entangled in ways the current vetting architecture cannot see, cannot track, and cannot address at the pace of modern acquisition.
Between 2013 and 2022, a single operation run by Onur Aksoy imported tens of thousands of counterfeit Cisco networking devices from China and Hong Kong through 19 shell companies. The devices were relabeled and sold as genuine. They were installed in F-15s, F-18s, F-22s, Apache attack helicopters, P-8 maritime patrol aircraft, and B-52 bombers. Aksoy was sentenced in May 2024 to 78 months. The supply chain verification system did not catch a single device. The Department of Justice did, nine years into the scheme.
The civilian blind spot
Rise8, a certified Service-Disabled Veteran-Owned Small Business, won a task order to deploy ambient scribe AI across the VA healthcare system. Rise8 brought Thoughtworks Federal as its software development subcontractor. The contract value is $4,945,717. The deployment target is 130-plus VA medical centers.
The tool listens to clinical conversations between veterans and their providers. It generates draft clinical documentation from those encounters. It integrates into the VA's Oracle Health electronic health record system. It processes protected health information on a national scale.
The task order was awarded through Rise8's AFWERX SDO IDIQ, an indefinite-delivery/indefinite-quantity contract issued under Phase III of the Small Business Innovation Research (SBIR) program, which authorizes any federal agency to issue sole-source task orders without recompetition under 15 U.S.C. Section 638(r)(4). One bidder. No competition required. No market research required. No Justification and Approval document required. The authority flowed from an Air Force research competition that had nothing to do with VA health IT.
The IDIQ ceiling is $499 million, with no limitation on individual task order size.
In May 2025, GAO endorsed this pathway in a bid protest decision. A competitor protested, arguing SBIR Phase III authority should apply only when the core system derived from prior SBIR research. GAO denied the protest. Its ruling: there is "no statutory requirement prohibiting an agency from using Phase III authority to procure an entire system where only a component of the overall system derives from, extends, or completes a prior SBIR effort." One component. Entire system. No competition. That is now the governing GAO precedent for protests of this kind.
There was no FOCI review and no CMMC certification. Both are Department of Defense requirements; the VA is a civilian agency, and neither applies to it. No FedRAMP authorization is on record for this deployment either. FedRAMP is government-wide, but it covers cloud hosting and says nothing about who owns or staffs the vendor.
Thoughtworks
Neville Roy Singham founded Thoughtworks in 1993 and sold it in October 2017 to Apax Partners for $785 million. He does not appear in a single SEC filing for the company from its 2021 IPO through its 2024 take-private. No beneficial ownership. No board seat. No related-party transactions. The company is now wholly owned by Apax Partners, which completed a $1.75 billion take-private in November 2024.
Singham's post-exit activities are extensively documented. The New York Times published a major investigation in August 2023 tracing hundreds of millions of dollars from his personal wealth through a layered nonprofit network to organizations promoting pro-Chinese government narratives worldwide. Senator Rubio referred nine Singham-linked nonprofits to the DOJ for investigation under the Foreign Agents Registration Act (FARA). A February 2026 House Ways and Means hearing described a $100 million Singham network. The House Oversight Committee voted to subpoena Singham personally.
None of those investigations named Thoughtworks as a subject.
In September 2025, five months before the VA Ambient Scribe contract was awarded, Thoughtworks announced that Hillhouse Investment Management would acquire its China local business. The transaction closed in October 2025. Guo Xiao, who ran that business, had served as Thoughtworks' global CEO from 2013 through June 2024, running the company while based in China for significant portions of his tenure. Guo Xiao is now an operating partner at Hillhouse.
What Thoughtworks kept is the detail no outlet has reported. Thoughtworks CEO Mike Sutcliff stated explicitly in the announcement: "Thoughtworks will continue to offer global clients access to exceptional talent in China through our offshore business." China-based Thoughtworks employees still serve global clients through the retained entity, potentially including U.S. government clients. The structure of that retained entity, including data-sharing arrangements, personnel overlap with the sold business, and whether any China-based employees have access to VA systems, is not publicly disclosed.
Thoughtworks' former General Counsel, Jason Pfetcher, now serves as Treasurer and Director of the People's Support Foundation, a $126 million entity that routed 99 percent of its outgoing grants in 2022 through an overseas intermediary that does not disclose its ultimate recipients. Pfetcher left Thoughtworks in 2017, the same year Singham sold.
When a company sells a major China business unit to a Chinese investment firm five months before winning a sole-source contract to deploy AI into veteran health records, when its former global CEO ran the unit that was sold and now sits at the acquirer, when its former General Counsel serves as Treasurer of a foundation under active congressional investigation, should a contracting officer know any of this?
The current answer is no. Not because anyone decided it was unimportant. Because the civilian agency FOCI framework does not exist.
The VA's own Inspector General has documented the environment. A 2024 VA OIG audit found that, at one VA medical center, 52 percent of the contract security guards who had never been vetted had criminal records; the VA was not conducting the required background checks. A separate January 2026 OIG report found severe, persistent IT security deficiencies: system misconfigurations allowed users to view sensitive HR, taxpayer, and protected health information nationwide, and at one facility alone, 3.3 million veterans' records were left unencrypted. That is the same agency that just sole-sourced an ambient AI tool to listen to clinical conversations at 130-plus medical centers. The VA cannot fully screen the people who walk through its doors. It cannot fully secure the data it already holds. It just awarded a contract to generate more of it, at scale, through a procurement pathway that required no supply chain review at all.
Three risks the vetting system cannot see
The NDAA bans address the obvious: state-controlled entities like Huawei, ZTE, and Kaspersky; actively infiltrated companies like S&L; quietly acquired firms like Lexmark where foreign influence enters through a transaction. Three categories remain invisible to statute entirely.
The departed founder. Biographical association, personnel pipelines to organizations under FARA investigation, and unresolved foreign corporate registry records create due diligence questions the procurement process has no mechanism to surface. Former employees' post-departure activities do not create corporate liability. But when a company's former General Counsel serves as Treasurer of a $126 million foundation under congressional investigation, a contracting officer cannot ask the question. The system does not permit it.
The supply chain ghost. Nine percent of Tier 1 defense subcontractors are Chinese firms. Already embedded in fighter jets and bombers as counterfeit hardware. No mechanism to find them short of a criminal investigation or a journalist with Chinese corporate registry access.
The compliant liar. A contractor certifies cybersecurity compliance, collects full payment, and implements none of the controls it certified. Health Net Federal Services administered TRICARE, covering 9.6 million military members and families, while falsely certifying compliance to the Defense Health Agency (DHA). February 2025: $11.25 million settlement. The settlement carried no suspension or debarment. In May 2025, Raytheon settled an $8.4 million False Claims Act case for using a non-compliant network across 29 defense contracts without the required security plans.
Every ban, every termination, every referral in recent memory came from outside the procurement process. Journalists. Criminal investigators. Congressional staff. Foreign law enforcement. Not one of these cases was self-initiated by the vetting system.
What's being done and what's missing
Congress is moving.
Section 847 of the FY2020 NDAA required DOD to vet covered contractors for FOCI on unclassified contracts, and DOD Instruction 5205.87, issued in May 2024, is the policy that implements it. Most significantly: the Ernst NDAA amendment was signed into law on December 18, 2025, as part of the FY2026 NDAA. It requires DOD to assess contractors for foreign ownership risks within one year, with automatic contract cancellations as the consequence for missing the deadline. DOD has until approximately December 2026. No public implementation plan exists.
These are real steps. They are not fast enough. And they do not cover the right ground.
The DFARS final rule implementing Section 847 is still pending, six years after the provision passed. Full rollout is unlikely before 2027. DCSA is cutting positions while being asked to scale its review program seventeen-fold. The NBIS system won't be operational until FY2028 at the earliest.
And none of it covers civilian agencies.
The VA just contracted to deploy AI that listens to veteran health encounters at scale. The VA is not DOD. No FOCI review was required or performed. The gap in the law is not a loophole. It is the law as written.
Five things to watch
First, whether civilian agency procurement reform gets a sponsor. The VA, SSA, and HHS collectively hold more sensitive personal data than most DOD systems. No senator has introduced legislation extending FOCI requirements to civilian health IT contracts.
Second, whether the Hillhouse acquisition triggered any CFIUS review. CFIUS jurisdiction covers foreign acquisitions of U.S. businesses, so a sale of a China-based unit to a Chinese buyer would ordinarily fall outside it; whether any review was conducted, or whether the offshore retained entity falls within CFIUS jurisdiction at all, is not publicly known.
Third, whether Rise8's IDIQ vehicle gets policy scrutiny. A $499 million sole-source authority flowing from an Air Force SBIR competition is now being used to deploy AI into VA clinical encounters without supply chain review.
Fourth, whether DOJ wins the Jupiter/Suirui enforcement lawsuit. If DOJ prevails, it sets precedent that CFIUS divestiture orders are enforceable against non-compliant foreign owners. If it loses or stalls, it signals that a presidential order is optional.
Fifth, whether DOD meets the December 2026 NDAA deadline. The Ernst amendment was signed into law. Miss the implementation deadline and contracts not assessed for foreign ownership risks face automatic cancellation. DOD has approximately nine months.
There is a veteran somewhere in this country who had a hard conversation with his doctor this month. He talked about things he does not tell his family. The appointment was recorded. An AI system generated the draft notes. Those notes went into a federal electronic health record.
He did not know the company that built the AI software sold its China business five months before his appointment. He did not know there was no foreign influence review of that transaction before he sat down in the exam room. He did not know the vetting system that was supposed to protect him covers the Department of Defense but not the Department of Veterans Affairs.
The framework protecting him was designed for a different era. One where 2,500 companies, 80 analysts, and self-disclosure were adequate to the threat. They are not adequate to this one.
Congress gave DOD until December 2026 to implement mandatory FOCI vetting or face automatic contract cancellations. Nine months. No implementation plan in public view.
The door is open. We need to stop pretending otherwise.