WASHINGTON, Oct 3 (Reuters) - The much-needed
modernization of the U.S. Army's battlefield communications
network being undertaken by Anduril, Palantir (PLTR) and
others is rife with "fundamental security" problems and
vulnerabilities, and should be treated as a "very high risk,"
according to a recent internal Army memo.
The two Silicon Valley companies, led by allies of U.S.
President Donald Trump, have gained access to the Pentagon's
lucrative flow of contracts on the promise of quickly providing
less expensive and more sophisticated weapons than the
Pentagon's longstanding arms providers.
But the September memo from the Army's chief technology
officer about the NGC2 platform that connects soldiers, sensors,
vehicles and commanders with real-time data paints a bleak
picture of the initial product.
"We cannot control who sees what, we cannot see what users
are doing, and we cannot verify that the software itself is
secure," the memo says.
Palantir (PLTR) and Anduril did not comment for this story.
The assessment, seen by Reuters and first reported by
Breaking Defense, comes just months after defense drone and
software maker Anduril was awarded $100 million to create a
prototype of NGC2 with partners including Palantir (PLTR), Microsoft (MSFT)
and several smaller contractors.
The Army should treat the NGC2 prototype version as
"very high risk" because of the "likelihood of an adversary
gaining persistent undetectable access," wrote Gabrielle
Chiulli, the Army chief technology officer authorizing official.
Despite the early September memo's scathing critique, Leonel
Garciga, Army chief information officer and Chiulli's
supervisor, said in a statement to Reuters that the report was
part of a process that helped in "triaging cybersecurity
vulnerabilities" and mitigating them.
In March, the 4th Infantry Division used the system in
live-fire artillery training at Fort Carson, Colorado, in an
exercise Anduril described as demonstrating faster and more
reliable performance than legacy systems.
The Army memo identifies some major security gaps.
The report says the system allows any authorized user to
access all applications and data regardless of their clearance
level or operational need. As a result, "Any user can
potentially access and misuse sensitive" classified information,
the memo states, with no logging to track their actions.
Other deficiencies highlighted in the memo include the
hosting of third-party applications that have not undergone Army
security assessments. One application revealed 25 high-severity
code vulnerabilities. Three additional applications under review
each contain over 200 vulnerabilities requiring assessment,
according to the document.