- The AI security backlash has reached OpenAI’s doorstep, where a protest used body bags to condemn technology companies’ defense work.
- Executives are responding to the AI security backlash with expanded personal protection, though angry rhetoric does not automatically signal credible danger.
- The dispute centers on a real accountability gap: AI firms increasingly shape military operations while public consent remains thin.
- Security measures may protect leaders, but they cannot resolve public anger over job disruption, surveillance and wartime AI deployment.
Table of Contents
The AI security backlash arrives at OpenAI’s door
Body bags outside an AI company headquarters are designed to make people uncomfortable. That was the point of a protest reported outside OpenAI’s San Francisco office on July 16, where demonstrators placed covered forms alongside a banner listing children killed in a U.S. bombing of an Iranian school. The AI security backlash is no longer confined to online arguments about chatbots taking jobs or models making things up. It now has a physical presence outside the industry’s most powerful labs.
Business Insider’s Stephen Council reported that Tesla Takedown and Stop the Money Pipeline organized the display, framing it as opposition to Big Tech’s expanding work with the Pentagon. The same groups reportedly planned similar actions aimed at Anthropic, Amazon, Google, Microsoft and Tesla. The message was directed at corporate policy, not presented as a threat against individual employees. That distinction matters, even if it is likely hard to appreciate when you arrive at work and find a symbolic crime scene near the front door.
The protest comes as AI executives are already unusually anxious about personal safety. The Wall Street Journal recently described heightened concern inside Silicon Valley after violence at OpenAI chief executive Sam Altman’s home earlier this year, along with a run of alarming messages and attempted office intrusions reported by companies. Firms are hiring more guards, reviewing threats and treating public-facing leaders less like software executives than political figures.

There is a grim logic to that response. Tech leaders have become recognizable avatars for an economic transition that many people did not ask for and do not trust. But the AI security backlash also risks becoming a catch-all explanation for every rude customer message, weird post or frustrated person who wants to talk to a human being instead of a support bot.
Not every hostile message is a real-world threat
One anecdote in the Journal’s reporting makes the problem plain. Anthropic reportedly contacted law enforcement after an Oklahoma man told a customer-support chatbot he would come to the company’s office with a pistol when the system would not connect him to a person. That language is unacceptable. It is also the sort of angry, impulsive rhetoric that businesses have encountered for decades, particularly when they put automated gates between customers and help.
Threat assessment is difficult because companies cannot simply shrug at violent language, especially after actual attacks on public figures and workplaces. Yet overreaction has costs too. Calling police on every angry user can turn an ugly support interaction into a frightening encounter with law enforcement. It can also give tech firms a convenient narrative: critics are dangerous, therefore criticism itself is suspect.
My read is that the AI security backlash needs more careful sorting than the industry has offered so far. A credible plan to enter an office, dox an employee or commit violence deserves a serious response. Peaceful protesters, labor organizers and people objecting to defense contracts do not belong in the same mental folder. Treating them as one threat category is both lazy and politically useful.
Why military AI is the hard part
The body-bag protest was not really about whether ChatGPT writes decent emails. It was about the accelerating connection between frontier AI labs and the U.S. military. That connection has become harder to dismiss as speculative. Anthropic’s systems were reportedly used in support of identifying targets during the opening U.S. strikes on Iran, an example that moves the debate from abstract concerns to immediate questions of responsibility.
AI companies argue that their tools can be deployed with safeguards and human oversight. OpenAI’s published usage policies are not the same thing as public accountability. Who checks whether a system’s output influenced a targeting decision? Who investigates an error? And when a vendor says a human remained in the loop, what did that human actually have time and information to assess?

This is where the AI security backlash becomes more than an executive-protection story. AI vendors have spent years selling the idea that their systems will transform medicine, education, science and office work. Now they are also becoming infrastructure for intelligence and defense. That might be defensible in some circumstances; democracies do have national-security needs. But it requires far more disclosure than glossy product demos and broad assurances about safety.
Silicon Valley has been here before. Employee opposition to military AI work has prompted corporate reconsideration. The difference now is scale. The AI market is larger, the geopolitical pressure is sharper, and companies such as OpenAI and Anthropic are central to a technology race that Washington increasingly treats as strategic competition. Opting out is no longer the easy corporate posture it once was.
The public’s distrust did not appear from nowhere
Polls have repeatedly shown a public more worried about AI’s harms than excited by its promised benefits. An NBC News survey cited in recent coverage found only 26% of respondents viewed AI positively. That is a sobering number for an industry spending billions to put generative systems into search, customer service, classrooms and workplaces.
The reasons are not mysterious. People see employers talking about automation before they see meaningful plans for workers displaced by it. They watch platforms deploy AI companions amid reports of harmful delusions and suicides involving vulnerable users. They see facial recognition, automated surveillance and military applications move from edge cases toward business lines. The AI security backlash is partly about fear, yes, but it is also about a perception that the public bears the risk while a small group of companies captures the upside. That perception gives the AI security backlash a broader constituency than the industry may want to acknowledge.
Altman has contributed to this mood, even when speaking candidly rather than carelessly. His past comments about AI potentially leading to humanity’s end and about helping destroy jobs have traveled widely because they fit people’s existing suspicion: the people building this stuff seem unsure whether they can control it, but expect everyone else to accommodate it anyway.
Guards cannot solve the legitimacy problem
More security around labs may be prudent. No executive, engineer or protester should be harmed over a technology dispute. Full stop. But the industry should resist confusing physical protection with a solution to its broader legitimacy crisis. The AI security backlash will not fade because a black SUV waits outside the office.
What would help? Clearer reporting on defense and intelligence contracts, independent audits of high-risk deployments, meaningful channels for employees and communities to object, and much less hand-waving about who is accountable when an AI-assisted decision goes wrong. Companies cannot demand trust while asking the public to accept opaque systems in areas as consequential as employment, policing and war.
Frankly, the most revealing question is not whether AI leaders feel besieged. It is whether they will treat the AI security backlash as a security inconvenience or as evidence that the industry has sprinted ahead of the consent it needs to keep operating in public life.

