UAP and Disclosure as an Enterprise Risk

TL;DR

  • UAP/Disclosure is a real, bounded enterprise-risk category — and its consequences are largely DECOUPLED from the metaphysical question. Whether or not the phenomenon is exotic in origin, a government-validated disclosure event, a whistleblower credibility cascade, or an operational airspace-disruption episode each carries concrete consequences for valuations, insurability, contracting, and critical-infrastructure continuity. As of mid-2026 the US government has moved from denial to active, presidentially-directed disclosure (the Department of War's "PURSUE" releases at war.gov/UFO, launched May 8, 2026), making this a live policy event rather than a fringe curiosity.

  • The legislative "hard" disclosure mechanism keeps failing while the executive "soft" disclosure track has accelerated. The Schumer-Rounds UAP Disclosure Act — with its JFK-Records-style Review Board and eminent domain over "recovered technologies of unknown origin" and "biological evidence of non-human intelligence" — has been stripped or excluded from the NDAA three years running (FY24 gutted, FY25 and FY26 excluded). But a February 19, 2026 Trump directive and the PURSUE program have produced rolling declassification, and AARO's caseload now exceeds 2,000 reports. defensescoop

  • Decision-makers should treat this as a Knightian/deep-uncertainty tail exposure managed through scenario planning and robust decision-making, not as a probability-weighted forecast. The defensible posture is to build optionality and resilience against three transmission channels that are already materializing — operational disruption (drone/UAP incursions over bases and infrastructure), a disclosure-driven credibility/repricing cascade, and contractor/oversight exposure — while explicitly holding unconfirmed claims (Grusch's crash-retrieval allegations) below the line.

Key Findings

1. The phenomenon is officially documented but officially unexplained-in-part — not officially exotic. Three Navy videos (FLIR1/"Tic Tac" 2004; GIMBAL and GOFAST 2015) were formally released by DoD on April 27, 2020 and remain officially characterized as "unidentified." AARO's FY2024 Consolidated Annual Report (Nov 14, 2024) logged 757 reports, resolved most to prosaic objects, flagged 21 as meriting further analysis, and stated it has "discovered no evidence of extraterrestrial" activity. The honest current-state read: a real, sensor-corroborated, partially-unresolved data set with no validated exotic explanation.

2. The legislative disclosure track is a documented three-year failure of the "hard" mechanism. The original 2023 Schumer-Rounds UAP Disclosure Act (64 pages, modeled on the 1992 JFK Records Act) was adopted into the Senate FY24 NDAA but gutted in conference; the enacted version (Sections 1841-1843, FY24 NDAA, signed Dec 22, 2023) preserved a NARA records collection and presumption of disclosure but dropped the independent Review Board and eminent-domain provisions. It was excluded again from FY25 and FY26.

3. The executive disclosure track has overtaken the legislative one. A Feb 19, 2026 Trump directive (a Truth Social post, not a formal EO) ordered the Department of War and other agencies to identify and release UAP/UFO files; the resulting PURSUE program (war.gov/UFO) began rolling releases May 8, 2026.

4. Operational disruption is the most concrete, already-materialized channel. The December 2023 Langley AFB drone incursions (17 days), the New Jersey/Northeast drone episode (Nov-Dec 2024), and documented historical nuclear-site incidents establish airspace-security and business-continuity exposure independent of the phenomenon's ultimate nature.

5. The enterprise-risk framing is Knightian, not actuarial. This is "true uncertainty" (Knight), a potential "black swan" (Taleb) or arguably a "gray rhino" (Wucker), best handled through deep-uncertainty methods (RAND's robust decision-making) and scenario planning rather than probability estimates.

Details

Section 1 — The Legislative / Governmental Disclosure Track (primary sources)

The 2023 Schumer-Rounds UAP Disclosure Act (proposed text). On July 13, 2023, Senate Majority Leader Chuck Schumer (D-NY) and Sen. Mike Rounds (R-SD), with cosponsors Rubio, Gillibrand, Young, and Heinrich, introduced the UAP Disclosure Act of 2023 as an amendment to the FY24 NDAA. The Senate Democratic Leadership press release and the bill text establish its architecture: it directed NARA to assemble a "UAP Records Collection," carried a "presumption of immediate disclosure," and was modeled explicitly on the President John F. Kennedy Assassination Records Collection Act of 1992. Its most consequential private-sector provisions were (a) a presidentially-appointed, Senate-confirmed independent UAP Records Review Board, and (b) federal eminent domain over "any and all recovered technologies of unknown origin (TUO) and biological evidence of non-human intelligence (NHI) that may be controlled by private persons or entities." The Act defined UAP as objects exhibiting characteristics such as "instantaneous acceleration," "transmedium travel," and "positive lift contrary to known aerodynamic principles." Records would be disclosed no later than 25 years after enactment unless the President certified an identifiable national-security harm. Senate Democratic Caucus

What was enacted vs. stripped (FY24). President Biden signed the FY24 NDAA on December 22, 2023. Sections 1841-1843 created the NARA UAP Records Collection and the presumption of disclosure, and added §1687 prohibiting use of funds for UAP-related special-access or restricted activities not reported to Congress via the DNI. But the conference (over Pentagon opposition) eliminated the independent Review Board and the eminent-domain mandate. Schumer publicly called it "beyond disappointing that the House has refused to work with us on all the important elements."

FY25 and FY26 — repeated exclusion. Rounds and Schumer re-submitted the UAPDA as SA 2610 to the FY25 NDAA (text in the Congressional Record, July 11, 2024, pages S4943-4950); the House version (H.R. 8070) contained no UAP provisions and the language did not survive. For FY26, Schumer, Rounds, and Gillibrand filed it again as Senate Amendment 3111 to S.2296 (the "UAP Disclosure Act of 2025," nearly identical, including the eminent-domain/Review Board provisions). On October 9, 2025, the Senate finalized an FY26 NDAA agreement that did not include the UAPDA — the third consecutive year of failure. Rep. Eric Burlison (MO-07) separately submitted a UAP Disclosure Act of 2025 as a House amendment to the FY26 NDAA.

What the FY26 NDAA DID enact. The FY26 NDAA was signed into law December 18, 2025 (Public Law 119-60), authorizing $900.6 billion; the House passed it Dec 10, 2025 (312-112), the Senate Dec 17, 2025 (77-20). It included three narrower UAP provisions: (1) expanded AARO congressional briefings on UAP intercepts by NORTHCOM/NORAD, with the first briefing covering intercepts back to January 1, 2004; (2) streamlined/de-duplicated agency reporting of UAP data to AARO; and (3) a requirement that AARO account for all security classification guides governing UAP reporting, with a consolidated classification matrix to appear in AARO's 2026 annual report.

AARO — authority, reports, leadership, posture. The All-domain Anomaly Resolution Office was established July 15, 2022, succeeding the UAPTF and AOIMSG, pursuant to the FY22 NDAA (with quarterly classified reporting to Congress required under 50 U.S.C. § 3373a). Its statutory mandate includes minimizing "technical and intelligence surprise." The Historical Record Report Volume I (cleared for publication March 6, 2024; dated February 2024) reviewed US government UAP efforts since 1945, conducted ~30 interviews, and found "no evidence that any USG investigation… has confirmed that any sighting of a UAP represented extraterrestrial technology." It addressed and dismissed the KONA BLUE proposal (a prospective DHS special-access program never approved) and found that named aerospace companies "denied on the record" ever possessing off-world technology; a metal sample from an alleged crashed craft was assessed as an ordinary terrestrial magnesium-zinc-bismuth alloy. Leadership: founding director Sean Kirkpatrick departed Dec 1, 2023; Timothy Phillips served as acting director; Dr. Jon T. Kosloski (former NSA Research Directorate) was named director August 26, 2024 and remains director in 2026. AARO reached full operational capability in late 2024; Pentagon spokesperson Sue Gough confirmed AARO is "examining over 2,000 UAP cases," roughly half lacking sufficient data, up from ~1,600 in late 2024 (per DefenseScoop, Feb. 25, 2026). The FY2024 Consolidated Annual Report (Nov 14, 2024) detailed 757 reports (May 1, 2023-June 1, 2024), with 49 resolved during the period, 243 recommended for closure, 21 meriting further analysis, and 444 placed in an "Active Archive" for lack of data. AARO operates a secure reporting mechanism on aaro.mil and a prototype sensor suite, GREMLIN. UAPedia + 4

Congressional hearings (official records). July 26, 2023: House Oversight Subcommittee on National Security, the Border, and Foreign Affairs, "Unidentified Anomalous Phenomena: Implications on National Security, Public Safety, and Government Transparency" (2154 Rayburn), witnesses Ryan Graves, Cmdr. David Fravor (Ret.), and David Grusch, all under oath. November 13, 2024: joint subcommittee hearing "Unidentified Anomalous Phenomena: Exposing the Truth," witnesses RADM Tim Gallaudet (Ret.), Luis Elizondo, Michael Gold, and Michael Shellenberger (who entered a report on an alleged unacknowledged special-access program, "Immaculate Constellation"). November 19, 2024: Senate Armed Services Subcommittee on Emerging Threats and Capabilities hearing with AARO Director Kosloski. September 9, 2025: House Oversight Task Force on the Declassification of Federal Secrets held "Restoring Public Trust Through UAP Transparency and Whistleblower Protection" (chaired by Rep. Anna Paulina Luna), with witnesses including George Knapp and military veterans. House Oversight Committee + 3

The 2026 executive disclosure surge (PURSUE). On February 19, 2026, President Trump issued a directive — delivered as a Truth Social post, not a numbered Executive Order — ordering the "Secretary of War, and other relevant Departments and Agencies, to begin the process of identifying and releasing Government files related to alien and extraterrestrial life, [UAP], and [UFOs]." Secretary of War Pete Hegseth confirmed compliance on Feb 23, 2026 ("We're going to be in full compliance with that executive order… we're digging in"). The resulting program — PURSUE (Presidential Unsealing and Reporting System for UAP Encounters) — launched at war.gov/UFO on May 8, 2026 as a multiagency effort (White House, ODNI, DOE, AARO, NASA, FBI). The May 8 batch posted 162 files (120 PDFs, 28 videos, 14 images, 108 redacted), spanning 1947–2026 from FBI, DoD, NASA and State (per AeroTime). Releases followed roughly every few weeks (Release 02 on May 22; Release 03 on June 12, 2026). Hegseth's official statement framed it as bringing "unprecedented transparency."

Section 2 — The Phenomenon Itself (established contours)

The DoD officially released FLIR1 (2004 Nimitz "Tic Tac"), GIMBAL (2015), and GOFAST (2015) on April 27, 2020 via Naval Air Systems Command, stating the footage was genuine and that the objects "remain characterized as 'unidentified.'" Earlier, in September 2019, Pentagon spokesperson Sue Gough confirmed the videos were authentic Navy footage and "part of a larger issue of an increased number of training range incursions." The "five observables" (anti-gravity lift, sudden/instantaneous acceleration, hypersonic velocity without signatures, low observability, transmedium travel) are the canonical characterization framework. On the resolved/unresolved fraction: the June 2021 ODNI Preliminary Assessment examined 144 reports and explained only one with high confidence; AARO's later reports resolve the majority to prosaic objects while a small fraction (e.g., 21 of 757 in FY24) remain "true anomalies" with insufficient data. Kosloski stated in November 2024 there are "interesting cases that I, with my physics and engineering background… do not understand."

The Grusch claims — tiered precisely. What is on the record under oath (July 26, 2023 hearing): Grusch testified he was "informed, in the course of my official duties, of a multi-decade UAP crash retrieval and reverse-engineering program" to which he was denied access, that the US recovered "non-human" craft and "biologics," and that he suffered "administrative terrorism" in reprisal — all based on interviews with ~40 witnesses, not firsthand observation. What is corroborated as procedural fact: the IC Inspector General found his reprisal complaint "credible and urgent" in July 2022; the complaint was filed via attorney Charles McCullough III (the original IC IG); retired Army Col. Karl Nell and others vouched for his character. What is NOT corroborated: no physical evidence has been produced publicly; the Pentagon (Sue Gough) stated AARO "has not discovered any verifiable information to substantiate claims" of possession/reverse-engineering; AARO's Historical Record Report found no such evidence; named contractors (Lockheed Martin, Raytheon, and others named in Elizondo's book) flatly denied involvement. The "credible and urgent" finding pertained to the reprisal/whistleblower process — not a validation of the underlying exotic claims. This distinction must be held firmly. Factually + 6

Section 3 — Enterprise Exposure / Transmission Channels (the analytic core)

Insurance and reinsurance. UAP/Disclosure is an "unknown unknown" of the type that catastrophe and tail-risk modeling handles poorly. Lloyd's frameworks are instructive: its "silent cyber" mandate (requiring underwriters to affirm or exclude unintended cyber coverage in non-cyber policies, with full implementation by Jan 1, 2021) is the closest precedent for handling non-affirmative/silent exposure to an unmodeled peril — and the direct analog for "silent UAP" exposure embedded in aviation, property, business-interruption, and war-risk books. Lloyd's Minimum Standard MS5 requires that the risk-management system cover "all material risks… including emerging risks, quantifiable or non-quantifiable." The COVID-19 business-interruption litigation wave is the most relevant systemic-shock analog: it demonstrated that a correlated, previously-unmodeled, non-physical-damage loss produces massive coverage litigation, and that insurers largely prevailed where policies required "direct physical loss or damage" or contained virus exclusions — winning their motions in just over 85% of cases with a virus exclusion (97 of 114 by end-2020, per The Geneva Papers on Risk and Insurance, 2023); the New Jersey Supreme Court's AC Ocean Walk (Jan 24, 2024) held COVID losses are not "direct physical loss." On scale: APCIA estimated that monthly business-interruption losses for shutdown firms ran $255B–$431B (firms under 100 employees) and $393B–$668B (firms under 500 employees) — against total relevant commercial-property premiums of only ~$4.5 billion a month — with GAO (GAO-24-106075) putting total potential exposure above $1 trillion. This illustrates why correlated, systemic perils are considered functionally uninsurable. The lesson for UAP/Disclosure: a disclosure-driven or incursion-driven correlated shock would turn on precise policy wording (physical-loss triggers, war/terrorism exclusions, "act of God" language, TRIA applicability), and silent exposure is the principal hidden risk.

Capital markets. The transmission mechanism is a credibility cascade: the conversion of a previously-discounted "fringe" topic into an officially-validated reality reprices assets rapidly and across correlations, regardless of the ultimate nature of the phenomenon. Defense-contractor equities carry specific sensitivity to classified-program revelations — allegations that recovered-material programs sit inside primes to evade oversight (whether or not true) create headline, litigation, and contracting-integrity risk for named firms. The general mechanism is well-understood from regime-shift events: sudden declassifications, technology disclosures, and paradigm shocks move correlated baskets faster than fundamentals justify, as positioning and narrative reprice ahead of confirmed facts.

Defense primes / aerospace and the SAP oversight gap. The structural fact that gives the contractor allegations their force — independent of their truth — is the documented opacity of "waived" unacknowledged special-access programs. By statute (10 U.S.C. § 119), acknowledged and non-waived unacknowledged SAPs must report annually to the defense and intelligence committees, but "waived" SAPs are exempted from normal congressional notification and are briefed only to the "Gang of Eight." GAO has repeatedly examined SAP oversight (e.g., NSIAD-93-78 on acquisition SAPs). This genuine oversight gap is a matter of public record and is the mechanism by which credible-sounding concealment allegations (Grusch; the "Immaculate Constellation" claim) gain traction — the system is structurally capable of hiding programs from most of Congress, which is distinct from evidence that it has hidden exotic technology.

Critical infrastructure. This is the most concrete and already-materialized channel. The December 2023 Langley AFB incursions: drones first observed Dec 6, 2023, recurring over 17 days, fluctuating in size/number (some ~20 feet), defeating "dronebuster" countermeasures (per FOIA'd 633d Security Forces witness statements), prompting deployment of NASA WB-57F aircraft; the Pentagon (Sabrina Singh, Oct 2024) confirmed the incursions and said their origin remains unknown. Two months earlier (Oct 2023), five drones overflew the Nevada National Security Site (nuclear-weapons experiments). The New Jersey/Northeast episode (first reported Nov 19, 2024 by the Morris County Prosecutor's Office) drove temporary flight restrictions over critical infrastructure and Picatinny Arsenal; the Biden administration (John Kirby, Dec 12, 2024) attributed sightings to a mix of lawful manned aircraft, hobbyist/commercial/law-enforcement drones, and misidentified stars, finding "no foreign nexus"; the Trump White House (Karoline Leavitt, Jan 28, 2025) said the drones were "authorized to be flown by the FAA… This was not the enemy." A documented legal-authority gap exists: US law generally bars the military from downing drones over domestic bases absent imminent threat, creating a real operational-continuity and force-protection exposure for installations and nearby infrastructure operators. Liberation TimesWHRO

Section 4 — Risk-Category Framing

UAP/Disclosure should be classified as Knightian uncertainty — Frank Knight's distinction between computable "risk" and incomputable "uncertainty." MIT's Andrew Lo explicitly uses "finding intelligent life outside our solar system" as a canonical example of Knightian uncertainty (incomputable randomness). It has the profile of a Taleb black swan (high-impact, retrospectively rationalized, resistant to probability estimation) but, given decades of accumulating official signals, is arguably better seen as a Wucker gray rhino — an obvious, telegraphed danger that institutions decline to act on. Because the probability is genuinely incomputable, the correct toolkit is deep uncertainty / decision-making under deep uncertainty (DMDU): RAND's robust decision-making, which optimizes for performance across a wide set of plausible futures rather than a single forecast; Shell-style scenario planning; and structured analytic techniques/red-teaming from the intelligence community.

The decoupling insight (the essay's core thesis). The enterprise risk is substantially independent of the metaphysical question. A disclosure event, a credibility cascade, or an operational-disruption event carries enterprise consequences — repricing, insurability shifts, contracting and litigation exposure, infrastructure disruption, reputational and governance demands — whether the phenomenon is extraterrestrial, an adversary's technological surprise, a domestic black program, sensor artifacts, or a mix. This decoupling is what makes it a legitimate enterprise-risk category rather than a speculative bet: the forcing function is the official act of validation and the operational facts on the ground, not the resolution of the underlying ontology.

Section 5 — International / Adversary Dimension

Multiple governments maintain or have maintained official UAP postures, which means any confirmation scenario would propagate through institutional channels at different speeds and with uncoordinated messaging. France's CNES has run GEIPAN since 1977, which publishes case files and reports roughly 22% of its ~6,000 catalogued cases as unexplained; the unofficial 1999 COMETA report ("UFOs and Defense: What Should We Prepare For?"), chaired by retired Gen. Denis Letty under IHEDN auspices, examined ~500 international cases, concluded ~5% were inexplicable, and found "the only hypothesis that sufficiently accounted for the facts was the extraterrestrial hypothesis" (citing the Mirage IV 1977 and Air France AF 3532 1994 incidents). The UK Ministry of Defence ran a UFO desk from the 1950s until 2009; its classified Project Condign study (completed 2000, declassified 2006) attributed sightings to misidentification and atmospheric plasma and rejected the ET hypothesis. Japan's posture shifted markedly: Defense Minister Tarō Kōno issued SDF reporting procedures in April 2020 (days after the US video release); a bipartisan Diet caucus formed June 2024, and in March 2026 proposed a dedicated UAP body under the Deputy Chief Cabinet Secretary for Crisis Management, explicitly as a response to the Trump directive; on May 11, 2026 Chief Cabinet Secretary Minoru Kihara confirmed Japan possesses its own UAP footage. Russia/USSR treated cases as sensitive military intelligence. The adversary forcing-functionframing is the most defensible national-security reading: at minimum, UAP represents a foreign-technological-surprise problem (Elizondo testified an adversarial origin "would be an intelligence failure eclipsing that of 9/11 by an order of magnitude"), connecting directly to the strategic-surprise literature and to AARO's statutory mandate to minimize technical and intelligence surprise. Disclosure Archives + 5

Recommendations

Stage 1 — Immediate (regardless of one's view on the phenomenon):

  1. Map silent/non-affirmative exposure. Insurers, reinsurers, and corporate risk officers should inventory where UAP/incursion-driven losses could trigger or be excluded across aviation, property, business-interruption, war-risk, and terrorism books — using the "silent cyber" remediation as the template. Decide affirmatively whether to cover or exclude.

  2. Run the disruption scenario, not the alien scenario. Critical-infrastructure operators and defense primes near sensitive airspace should treat the Langley and New Jersey episodes as the design-basis event: persistent unattributed incursions defeating current countermeasures, with legal-authority gaps preventing kinetic response. Build continuity plans for multi-day operational degradation.

  3. Stress-test for a credibility cascade. Institutional allocators should identify which holdings (defense primes, aerospace, insurers with concentrated catastrophe exposure) are most sensitive to a sudden official-validation headline or a corroborated whistleblower revelation, and pre-position governance and communications.

Stage 2 — Monitoring triggers (benchmarks that should change posture):

  • Escalation triggers: passage of a UAPDA-style bill with eminent-domain/Review Board powers (would directly expose contractors holding "government-funded" UAP records); a PURSUE release or AARO annual report containing physical evidence or a named-program confirmation rather than imagery; any official attribution of incursions to a state adversary (shifts the problem from "science/safety" to "war-risk").

  • De-escalation triggers: AARO resolution of the residual "true anomaly" caseload to prosaic explanations; sustained absence of new infrastructure incursions.

Stage 3 — Governance: Boards should add UAP/Disclosure to the enterprise-risk register explicitly as a deep-uncertainty/tail item, owned by the CRO, reviewed against the triggers above — not because exotic origin is likely, but because the disclosure-and-disruption consequences are real and partly already realized.

Caveats

  • Primary vs. downstream. Bill texts, the FY24 NDAA enacted sections, AARO reports, hearing records, and the war.gov PURSUE releases are primary; many widely-circulated claims (Grusch's crash-retrieval allegations, "Immaculate Constellation," named-contractor involvement) are sworn testimony or advocacy reporting, NOT corroborated fact, and are explicitly held below the line here.

  • The Feb 2026 Trump "executive order" is, per primary sourcing, a Truth Social directive, not a published, numbered Executive Order; Hegseth referred to "that executive order" but the White House declined to confirm a formal EO. Treat the disclosure directive as real in effect but informal in instrument.

  • File counts in PURSUE releases are partly imprecise. The May 8, 2026 batch is reliably reported at 162 files; later-release specifics (Release 03's FBI records, a reported Intelligence Community Assessment, and itemized counts) are secondhand and not itemized in the official war.gov release text.

  • "No evidence of extraterrestrial" is not "evidence of no anomaly." AARO consistently reports a small residual of genuinely unexplained, data-poor cases; the honest position is unresolved-pending-better-data, not closed.

  • This is deep uncertainty. No probability estimate offered here should be read as a forecast; the recommendations are robustness measures, not bets on an outcome.

Previous
Previous

The Silent Book: The UAP Exposure Underwriters Have Already Written