A startup that is involved in a sensitive Pentagon project was hacked by a person or group in Russia and did not immediately inform the Defense Department, Wired reported on Tuesday.

The big picture: The company, Clarifai, is one of several working on Project Maven, a Defense Department program that uses artificial intelligence to identify elements like people or vehicles in drone footage. Google, the highest-profile participant, said last month it will not renew its involvement in Maven after an employee petition and several resignations made news.

Why it matters: Pentagon AI efforts like Project Maven are already targets of criticism from AI ethics activists. Security problems will make it that much harder for such projects to build momentum. And with Google leaving, the Pentagon could be left relying on smaller outfits that might be less secure.

The details: Clarifai found out in November that one of its servers had been breached by a Russian source, according to a lawsuit a former employee filed against the company. An incident report seen by Wired said all of Clarifai's code and much of its customer data could have been compromised by the attack. Two people told Wired that Clarifai didn't tell the Pentagon about the data breach for at least several weeks.

What they're saying: In a blog post published Wednesday, Matthew Zeiler, Clarifai's founder and CEO, disputed the Wired story. Zeiler wrote that Clarifai "did not have a security incident putting government or other customer information at risk," and that an investigation found that the "untargeted bot" that infiltrated a server did not access "any data, algorithms, or code." He also said the company notified the Defense Department.