Overview

• An internal memo from Army CTO Gabrielle Chiulli warns of a likelihood that adversaries could gain persistent undetectable access to the NGC2 prototype.
• The assessment says any authorized user can access all applications and data regardless of clearance, with no logging to track user actions.
• Hosted third-party applications were found with numerous high‑severity code vulnerabilities, including one with 25 and three others each with more than 200 under review.
• Anduril won about $100 million to build the prototype with partners including Palantir and Microsoft, and the 4th Infantry Division tested the system in March at Fort Carson.
• Army CIO Leonel Garciga said the findings support a process to triage and mitigate vulnerabilities, and Anduril and Palantir declined to comment.