A briefing for contractors, integrators, and the subs who deliver to them. Federal AI guidance keeps moving, but the direction has been consistent for several quarters. Three areas deserve your attention, and none of them reward waiting.
Authorization: AI is inside the boundary, not beside it
The settled expectation across federal customers is that AI capabilities are part of the authorization boundary like any other component — not a bolt-on that gets reviewed later. If a model, an inference endpoint, or a retrieval index touches system data, your authorizing official expects it described in the system security plan, its data flows diagrammed, and its controls mapped alongside everything else.
The practical consequence: "we'll add AI to the authorized system" is a boundary change, with a boundary change's paperwork and timeline. Programs that plan for that from the start keep their schedules. Programs that discover it in month four rebuild — a pattern we documented in our government and defense compliance whitepaper.
What to do: before any AI pilot touches mission data, write one page: what the model sees, where inference runs, what leaves the enclave, and which existing controls cover each flow. If you can't fill in the page, the pilot isn't ready for the boundary.
CUI: the copy-paste problem is now a compliance problem
The fastest-growing risk we see in assessments isn't exotic. It's staff pasting CUI into commercial AI tools that sit outside any authorized boundary — to summarize a document, draft an email, clean up a spec. Each paste is a handling violation, and the aggregate is an incident narrative nobody wants to write.
Assessors and primes have both caught on. Expect questions not just about your policy — everyone has a policy — but about your mechanism: what technically prevents CUI from reaching unauthorized AI services, and what evidence shows the control works.
What to do: give your people a sanctioned alternative before you tighten the blocking. Staff paste CUI into public tools because the tools are useful and no compliant option exists. An approved capability inside the boundary, plus egress controls, plus a short training note beats policy memos alone — and the combination is what assessment evidence looks like.
Flow-down: primes are asking subs about AI now
Prime contractors have started adding AI questions to their supplier questionnaires and flowing AI-use clauses into subcontracts. The recurring questions we see subs receive: do you use AI tools in performance of this contract, which ones, does any contract data reach them, and can you demonstrate the controls?
Answering "no AI use" is increasingly untrue and easily disproven; answering "yes" without documentation invites a follow-up audit. The subs who fare best answer "yes, these tools, inside this boundary, under these controls" — one paragraph, ready before it's requested.
What to do: draft your AI-use disclosure now, as a standing document. Inventory the tools, mark which touch contract data, and note the control for each. When the questionnaire arrives, you attach a page instead of convening a scramble.
The direction of travel
Every quarter the pattern repeats: expectations that started as agency guidance become assessment questions, then contract clauses, then flow-downs. Contractors who treat AI governance as part of ordinary compliance hygiene — inside the boundary, documented, evidenced — keep winning work while competitors scramble.
We deliver AI systems inside federal boundaries as standard practice — see how we work with government and defense organizations, or request the capability statement.