U.S. Military Data Exposed at Andreessen Horowitz Portfolio Startup for 150 Days

Sensitive U.S. military data remained publicly accessible through an Andreessen Horowitz-backed startup for approximately 150 days, exposing potentially classified and mission-critical information to unauthorized parties. The exposure, discovered through standard security monitoring, represents a significant lapse in data handling protocols at a company backed by one of Silicon Valley's most prominent venture capital firms.

The vulnerability stemmed from a configuration error or inadequate access controls at the startup's infrastructure. Over the five-month window, exposed data may have included communications, personnel records, operational details, or other materials designated for restricted handling. Security researchers who identified the breach reported their findings to the company, leading to remediation efforts. However, the extended duration raises questions about whether the information was accessed or exfiltrated by malicious actors during the exposure period.

The incident adds to mounting concerns about how defense-adjacent technology companies manage classified or sensitive government data. Andreessen Horowitz has increasingly invested in companies serving military and intelligence clients, including through its American Dynamism fund. The exposure highlights systemic risks in the defense technology supply chain, where startups often lack the mature security infrastructure of established defense contractors. Federal agencies have intensified scrutiny of contractors' cybersecurity practices following high-profile breaches, and this case could intensify pressure on venture-backed firms to meet higher data protection standards before handling sensitive government information.