BBAI · CIK 1836981
What BigBear.ai Holdings, Inc. told the SEC could break it.
2 self-disclosed vulnerabilities, pulled from its own filings — each in the company’s words, with the source. This is the risk register almost nobody reads.
A limited set so far — we surface every cited disclosure we’ve extracted for BBAI. More may follow as additional filings are processed.
In its own words
What could break it.
Customer concentration
- Customers >10% of revenue = $65M / 51% of total revenue (government/defense); termination-for-convenience clauses (high)
BigBear.ai's revenue is highly concentrated in a small set of (largely U.S. government/defense) customers: those individually exceeding 10% of consolidated revenue together were ~$65 million, or 51% of total revenue, in 2025, and it also had one customer above 10% of total accounts receivable. Each of these contracts includes termination-for-convenience provisions letting the customer unilaterally cancel (recovering generally only incurred/committed costs), so loss of, or a budget/appropriations pullback by, a single major government customer would have an outsized effect. Customers not named in these windows → register concentration risk rather than graph edges.
“revenue earned from customers contributing in excess of 10% of consolidated revenues was $65 million or 51% of revenue for the twelve months ended December 31, 2025.”
Source: SEC filing (as of 2026)
Regulatory & policy
- Government-contracting regime (FASA, termination-for-convenience, audits) + U.S. export controls on controlled software/encryption (medium)
As a defense/government AI contractor, BigBear.ai operates under a stringent regulatory regime: federal acquisition rules (e.g. FASA), contract audits, fixed-price cost-overrun risk (25% of revenue is fixed-price), and termination-for-convenience. Its software offerings are also subject to U.S. export controls — including encryption technology — so controlled software/technology can be exported or accessed by non-U.S. persons (it has UK and UAE offices) only with required licenses. Noncompliance could trigger investigations, fines, loss of contracting privileges, or exclusion from sales channels. A policy/compliance concentration central to a cleared-workforce government business.
“Our offerings are subject to U.S. export controls, including with respect to encryption technology incorporated into certain of our offerings.”