A U.S. military software security review has prompted immediate changes in how the Department of Defense operates its cloud platforms.

According to The Hill, Defense Secretary Pete Hegseth has officially barred Chinese nationals from working on Pentagon cloud systems after concerns emerged over national security risks tied to foreign software developers.

Hegseth’s announcement on Wednesday marked a major shift in internal security protocol after reports surfaced of a development model that had allowed Chinese coders to contribute to sensitive military cloud infrastructure. This model, known as the “digital escort” system, was based on a structure used by Microsoft that allowed supervised contributions from foreign developers under the management of U.S.-based contractors. The Defense Secretary expressed strong disapproval of the arrangement, citing national security threats as a primary concern. “So the use of Chinese nationals to service Department of Defense cloud environments is over,” Hegseth said during the press conference.

Digital Escort Model Raises Serious Red Flags

The digital escort system was initially used by Microsoft and permitted foreign coders, particularly from China, to contribute to coding tasks under oversight by U.S.-registered operators. However, the program operated without formal safeguards to address security gaps, relying instead on informal monitoring that Hegseth and others believe did not go far enough.

One unnamed digital escort involved in the system claimed supervisors were left largely blind to what foreign employees were doing during the development process, raising worries about the potential for malicious code to be inserted into military software. “We’re trusting that what they’re doing isn’t malicious, but we really can’t tell,” the escort said in comments released by investigative reporters.

Adding to the confusion, Pentagon officials themselves were unaware that such a system had ever been in operation. Deven King, a spokesperson for the Defense Information Systems Agency, admitted in July that he did not know about the digital escort arrangement.

Microsoft Conducting Free Audit After Pentagon Letter

In light of these revelations, Hegseth ordered a full internal investigation into the digital escort practice and issued a formal letter of concern to Microsoft. The letter documented what he described as a breach of trust and initiated a third-party audit to inspect any vulnerabilities that may have been introduced into defense platforms. Microsoft responded by discontinuing the use of its China-located development teams for all Department of Defense cloud infrastructure. The company also pledged its cooperation with government agencies and committed to enhancing record-keeping and safeguards for national security contracts.

“Microsoft has terminated the use of any China-based engineering teams for DoD cloud systems,” a spokesperson for the company said. The spokesperson also emphasized that Microsoft would continue working alongside U.S. security agencies to tighten software oversight measures where needed.

Vendors Ordered to Review Foreign Involvement

Beyond Microsoft’s role, the Pentagon’s new policy impacts all software vendors doing business with the department. Hegseth mandated that every contractor must now identify and terminate any Chinese involvement in their development processes related to DOD systems.

The sudden policy shift caught many in the defense tech community off guard. “It blows my mind that I’m even saying these things in such common sense that we ever allowed it to happen,” Hegseth said, stressing the importance of prioritizing national security over cost efficiencies or convenience. He continued, “That’s why we’re attacking it so hard. We expect vendors doing business with the Department of Defense to put U.S. national security ahead of profit maximization.”

Separate Inquiry to Investigate Pentagon Employees

In addition to the external audit, Hegseth launched a separate probe within the Department of Defense to examine the internal oversight that allowed the digital escort program to go unnoticed. This investigation aims to identify any employees who may have authorized or ignored the program’s operation without proper safeguards.

“We’ve issued a formal letter of concern to Microsoft…and we’re requiring a third-party audit of Microsoft’s digital escort program, including the code and the submissions by Chinese nationals,” Hegseth noted. “I’m also tasking the Department of Defense experts with a separate investigation.” The goal of both the Microsoft audit and the internal DOD investigation is to uncover whether any hidden or malicious software elements were embedded during the period that foreign nationals had access to the department’s systems.

Increased Scrutiny Over Software Development Practices

Hegseth said that the probes are necessary to determine if any unknown risks were introduced into the DOD’s digital infrastructure. “These investigations will help us determine the impact of this digital escort workaround. Did they put anything in the code that we didn’t know about? We’re going to find out,” he stated. The Department of Defense’s swift action reflects a broader concern nationwide about the security of government technology systems. As cybersecurity threats continue to evolve, practices that were once seen as acceptable under cost-saving models are now being re-evaluated under stricter standards.

For now, the future of foreign participation in U.S. military software development appears to be drastically reduced, if not completely shuttered. The event has sparked a serious reexamination of how government contractors are vetted and monitored.