Nextgov/FCW - All Content

Nearly 3.4M users across government can use AI through OneGov, GSA official says

Edward Graham — Fri, 15 May 2026 14:51:00 -0400

Millions of federal users can now take advantage of artificial intelligence-specific tools offered through the General Services Administration’s OneGov initiative, an agency official said on Friday.

Speaking on a panel at the ACT-IAC Emerging Technology and Innovation Conference, Birgit Smeltzer — director of GSA’s Office of IT Products, IT Category — said “more than 120 orders have been placed against OneGov’s AI offerings, and that has provided this new technology, or availability, to about 3.4 million across government for this particular technology.”

GSA launched OneGov in April 2025 as a way to offer agencies discounted rates on select private sector technologies and software services by treating the government as one customer. Twenty companies, including Microsoft and Adobe, have reached agreements with GSA so far to offer significant cost savings on some of their products.

These deals have also provided agencies and government personnel with the opportunity to onboard new AI capabilities, which GSA officials previously said is helping speed up government use of and experimentation with the tools.

Smeltzer said multiple agencies have already taken advantage of OneGov’s AI offerings, including the departments of Health and Human Services, Veterans Affairs, Transportation and State, among others. She added that AI offerings accessed through OneGov can enhance workforce familiarity with the tools as the government looks to increase adoption of the capabilities moving forward.

“Now, the agency makes it available to you for maybe a limited time, but you're able to use it in your workday, and can see how it can benefit you and get your work done more efficiently — perhaps without losing your job over [using] it,” Smeltzer said.

GSA officials have touted the cost savings associated with using products purchased through the initiative.

“We want GSA not to just be a shared service across government, but a force multiplier across the government,” GSA Deputy Administrator Mike Lynch said Tuesday at the Coalition for Common Sense in Government Procurement Spring Training Conference in Falls Church.

He added that GSA has identified $1.15 billion in savings through the OneGov program through negotiated discounts of a variety of AI and software tools using the collective buying power of the federal government. The program, Lynch said, will continue to mature in the coming year.

Lynch also said acquiring AI at discounted rates achieved through OneGov is an ideal follow-up for agencies that have experimented with AI and large language models through the USAi.gov shared service platform. Several thousand federal employees have used the USAi platform since GSA launched it last August in response to President Trump’s AI Action Plan.

“We want to see where we can add value, and we’re constantly checking in with industry partners and with agencies to ensure we’re providing world-class service,” Lynch said.

In a statement to Nextgov/FCW, a GSA spokesperson said the AI use and cost savings made possible through OneGov “are real, measurable results from unified buying and direct engagement with [original equipment manufacturers].”

GovExec Editor-in-Chief Frank Konkel contributed to this report.

]]>

Tech bills of the week: Mandatory AI RMF usage; AI for energy generation and storage; and more

Alexandra Kelley — Fri, 15 May 2026 12:51:00 -0400

Modernizing energy grids with data

Legislation introduced by Rep. Jimmy Panetta, D-Calif., on May 7 is looking to update the Energy Act of 2020 by modifying and fortifying select energy storage programs and projects as the national demand for power increases amid growing reliance on artificial intelligence.

The Better Energy Storage and Safety Act seeks to outfit the programs established in the Energy Act of 2020 with advanced data analytics, models and diagnostic tools to improve what the bill describes as the “safe installation and long-term operation of energy storage systems by abating expected failure modes” that could damage power storage systems.

In addition to outfitting energy storage systems with better data tools to assess their functionality, the bill aims to improve the diagnostic, AI, computing and digital twin capabilities included in energy storage systems.

AI proliferation in export control workflows

Rep. Ronny Jackson, R-Texas, also introduced a bill on May 7 seeking to establish an Office of Export Controls and Border Security within the Bureau of Arms Control and Nonproliferation at the Department of State.

The measure, known as the Strategic Export Controls and Border Security Enhancement Act, would direct the new office to craft a strategy for incorporating AI technologies — along with other advanced analytics tools — to help enhance its workflows and activities. Two of the use cases named in the bill include risk identification for customs enforcement in recipient countries.

Push for closed-loop geothermal energy

House lawmakers introduced companion legislation to an existing Senate bill that look to spur more research and development in new geothermal energy systems, with a focus on bringing scientific innovation to commercialization.

Reps. Pat Harrigan, R-N.C., and Andrea Salinas, D-Ore., introduced the Next-Generation Geothermal Research and Development Act on May 13. The proposal seeks to move research and development efforts away from geothermal wells and towards closed-loop geothermal systems, the latter of which requires less subterranean water and maintenance.

“America has an enormous source of clean, reliable, baseload power sitting right beneath our feet, and we are barely scratching the surface of what it can do,” Harrigan said in a statement accompanying the bill’s release. “A supercritical geothermal well can produce more than seven times the energy of a conventional geothermal well, and next-generation geothermal has the potential to deliver 90 gigawatts of power to the United States alone.”

One provision in the bill adds the use of AI algorithms to support next-generation geothermal energy research, amending the bill to leverage ‘‘advanced tools, including machine learning algorithms, to assist’’ in geothermal energy innovation.

The bill would amend the Energy Independence and Security Act of 2007. In April, Sens. Cortez Mastro, D-Nev., and Lisa Murkowski, R-Alaska, introduced the companion legislation in the upper chamber.

Mandatory AI Risk Management Framework usage

Rep. Ted Lieu, D-Calif., introduced a bill on Thursday that would require government agencies to use the AI Risk Management Framework, a set of voluntary guidance published by the National Institute of Standards and Technology in 2023.

The bill specifies that only agencies adopting and leveraging AI technologies into federal workflows would be required to adhere to principles in the AI Risk Management Framework, per a summary of the legislation. Following its introduction, Lieu’s bill was referred to the House Science, Space and Technology Committee.

Key pillars of the RMF are finding ways to increase the trustworthiness and risk mitigation in developing and implementing AI tools into government networks. It underscores a pathway to effective AI risk prevention, which consists of: govern, map, measure and manage.

Safeguarding connected vehicles

The Connected Vehicle Security Act of 2026, introduced on Monday by Rep. John Moolenaar, R-Mich., aims to restrict the import, sale and resale of the software and hardware that powers smart cars and vehicles linked to foreign adversaries.

The bill’s chief aim is securing connected vehicles, defined in the bill as incorporating “advanced information and communications technologies that collect, process, and transmit vast amounts of sensitive data, including geolocation, operational, and personal information, and are capable of being remotely accessed and controlled.”

Software the bill identified as potentially compromising include any machine learning and other AI components that help enable driver decision-making or are used to control an automated driving system within the vehicle. Adversarial nations the bill targets include North Korea, China, Russia and Iran.

While AI systems are highlighted in the bill, it also prohibits the import and sale of middleware, application and system software that directly support vehicle connectivity capabilities.

The hardware prohibited in the bill includes chips, microcontrollers, microcomputers, cell modems, WiFi modules, Bluetooth modules, satellite communication systems and more.

AI for women’s midlife health

Sen. Patty Murray, D-Wash., introduced legislation on Tuesday to improve menopausal and mid-life health care for women, featuring a provision leveraging AI for better diagnostics.

The Advancing Menopause Care and Mid-Life Women’s Health Act calls for a strengthened public health apparatus for women’s midlife care, including public outreach campaigns, research programs and treatment.

It specifically calls for more government oversight efforts to gauge the safety and efficacy of AI-powered devices for new treatments and diagnostic tools designed for addressing midlife, perimenopause or menopausal symptoms.

]]>

Trump says he and Xi discussed cyberattacks and spying between US, China

David DiMolfetta — Fri, 15 May 2026 12:30:00 -0400

President Donald Trump said on Friday that he and Chinese President Xi Jinping discussed cyberattacks and espionage activities carried out by both nations during their bilateral meeting this week.

Speaking to reporters aboard Air Force One during his return flight to the United States, Trump, when asked if he raised the topics in their discussions, said, “I did. And he talked about attacks that we did in China. Y’know, what they do, we do too.”

“They’re talking about the spying. Well, we do it too,” he said. “We spy like hell on them too.”

“I told him, ‘we do a lot of stuff to you that you don’t know about and you’re doing things to us that we probably do know about,’” Trump added.

The president didn’t describe specific cyber campaigns that were discussed. China has made waves in recent years for its sweeping intrusions into telecommunications systems, government agencies and other infrastructure in the U.S. and around the world.

One such campaign, tied to a group known as Volt Typhoon, involves cyberspies burrowing into critical infrastructure systems, like power grids and water treatment plants, with the goal of potentially disrupting or sabotaging them to distract the American public in the event China moves to invade Taiwan, officials have assessed.

Asked about these intrusions, Trump said, “Well, you don’t know that. I mean, I’d like to see it, but it’s very possible that they do.”

The remarks offer a rare public acknowledgment of the clandestine efforts the U.S. deploys to monitor Chinese computer networks and government officials. Intelligence agencies like the NSA and CIA rely on a range of covert tools, capabilities and secret partnerships to track foreign adversaries.

The CIA, in particular, has made a more public effort to recruit Chinese officials as assets. Its video campaigns aimed at recruiting Chinese personnel are working and have “inspired new sources,” an agency official previously said.

Trump’s remarks also reveal a notable diplomatic posture on the issue, particularly given how difficult cyber operations can be to publicly attribute or verify.

Chinese officials routinely deny allegations of hacking and espionage, though Trump’s description of his conversation with Xi appeared to suggest some acknowledgment from Beijing that it has sought to infiltrate U.S. computer networks and recruit American assets of its own.

The White House and the Chinese embassy in Washington did not immediately respond to a request for comment.

Suspected Chinese spies sought out a former senior State Department officer late last year, requesting they draft an assessment of U.S. policy priorities in Venezuela in exchange for payment, Nextgov/FCW reported in January. Such recruitment efforts have resurfaced amid a wave of departures from the federal government over the last year, as the administration has pursued various measures to shrink the federal workforce.

In Trump’s second term, U.S. officials have beenseeking a more hardened approach against foreign hackers and cybercriminal groups. In doing so, they have created a budding market for offensive cyber capabilities that government and industry are still grappling with. Offensive cyber operations would be among the tools the administration plans to use against groups deemed threats to the U.S., according to a counterterrorism strategy released earlier this month.

]]>

Why access to AI does not equal federal mission capability

Jesse Lambert — Fri, 15 May 2026 11:55:00 -0400

The White House National Policy Framework for Artificial Intelligence and the General Services Administration's proposed Basic Safeguarding of Artificial Intelligence Systems clause are two different kinds of signal from the administration. One is broad policy direction; the other is operational. Read together, they suggest that the federal AI conversation is moving past access and into execution: data rights, oversight, traceability, portability and the conditions under which AI can actually be used in mission environments.

That shift matters because access to an AI tool is not the same as mission capability. In my work on AI adoption in regulated environments, the hard part is rarely getting a tool in front of users. It is defining what data can be used, who can review outputs, how the system fits existing workflows and what happens when the model, provider, or contract terms change.

Those questions tend to surface late, often after an initial pilot has already demonstrated technical promise. By that point, agencies are forced to reconcile early experimentation with the realities of procurement, compliance and long-term sustainment. This is where many efforts stall — not because the technology underperforms, but because the surrounding conditions for responsible use were never fully defined.

Where the GSA clause gets specific

That is why the proposed GSAR 552.239-7001 clause matters. Yes, it requires contractors to disclose the AI systems used in contract performance within 30 days after award. But the more important point is what sits around that disclosure: government ownership of government data and custom development, restrictions on using that data to train or improve models, human-oversight and traceability requirements, portability provisions meant to reduce lock-in and notice requirements around material system or service-provider changes.

This is not just a compliance exercise; it is the outline of a more disciplined federal operating model for AI procurement and use. Agencies are being pushed to ask harder questions earlier: what enters the system, what leaves it, how it can be monitored, who can intervene and whether it can be changed or exited without starting over. Contractors should read the clause the same way. The issue is no longer simply whether an AI tool performs, but whether it can be used on terms the government can actually live with.

Taken together, these requirements begin to define the boundaries of acceptable AI use in federal environments. Portability, for example, is not just about vendor flexibility; it is about ensuring continuity of mission if a provider changes terms or no longer meets operational needs. Similarly, traceability is not an abstract governance principle — it is what allows agencies to validate outputs, respond to audits and maintain accountability in high-stakes environments.

Execution still depends on the workforce

None of this makes execution automatic. The White House framework is right to emphasize workforce development and the gap is real: policy and contract structure can create better conditions for adoption, but they do not create capability on their own. Agencies still need people who know how to evaluate outputs, manage risk and incorporate AI into real workflows rather than one-off demonstrations.

Recent research from the 2026 EY Federal Trends Report shows that while nearly all federal leaders view AI as critical, 44% identify the workforce skills gap as the primary barrier to modernization. This gap means that even advanced infrastructure will remain underutilized without a parallel investment in people.

Empowerment requires more than just granting access to a tool. True capability comes from structured support that helps staff understand how to safely incorporate AI into daily workflows. The practical issue is not generic AI literacy. It is operational fluency. Teams need to know when to trust the system, when to escalate, how to document its use and how to work inside the controls that procurement and governance now make more explicit. Without that, agencies will keep mistaking pilot activity for durable capability. When employees feel supported, they use these tools to process data and serve the public more effectively.

What agencies should ask now

The next step for agencies is not another round of abstract AI enthusiasm. It is a harder review of whether current pilots can survive contact with real contracting, oversight and operational demands. That means looking at each effort not just for model performance, but for governability.

In practical terms, agency leaders should now ask three questions of every serious AI effort. What rights and controls over data, outputs and model change are actually secured in the contract? Who owns oversight, escalation and operational adoption once the pilot ends? And if the tool works, can the agency scale it or transition away from it without rebuilding from scratch? Those questions get closer to mission capability than simply knowing a team has access to an AI tool.

The administration’s recent moves matter less because they endorse AI in the abstract than because they make the execution challenge harder to ignore. The White House framework sets a direction of travel. The GSA clause begins translating that direction into procurement and operating conditions. The agencies that move fastest from access to capability will not be the ones with the most pilots. They will be the ones that can govern, absorb and scale these systems in ways that hold up under real mission demands.

Jesse Lambert is Senior Principal for Strategy & AI Adoption at Evans, a strategic management services firm. He works with federal mission organizations on AI adoption, governance, operating models and modernization in regulated environments.

]]>

ODNI assigns two officials to lead intelligence coordination on election threats

David DiMolfetta — Thu, 14 May 2026 18:21:00 -0400

The Office of the Director of National Intelligence recently named two officials to a role coordinating with the nation’s spy agencies on threats against the 2026 midterm elections, according to a congressional source and a second person familiar with the matter.

Dave Mastro and James Cangialosi will jointly oversee the intelligence community’s election threat mission, serving in the role of election threats executive. Both sources requested anonymity to communicate the appointments.

Mastro serves on the National Intelligence Council, which produces intelligence assessments drawn from findings across the nation’s spy agencies, including reports requested by Congress and senior policymakers. Cangialosi serves as deputy director of the National Counterintelligence and Security Center.

“We have an expansive team of professionals at ODNI focused on carrying out President [Donald] Trump’s and [Director of National Intelligence Tulsi] Gabbard’s election integrity efforts,” which includes Mastro and Cangialosi, ODNI spokesperson Olivia Coleman said in a statement.

The office is also “providing robust briefings, on par with efforts traditionally carried out during election years, to protect election integrity this midterm cycle,” Coleman said.

For months, it was unclear if ODNI ever named an election threats executive responsible for leading the intelligence community on election security for the coming midterm cycle.

The Record first reported the appointments.

Established in 2022, the Foreign Malign Influence Center was designed to coordinate spy agencies’ efforts to identify and assess foreign influence and disinformation threats targeting elections. But an overhaul inside ODNI launched last summer shifted many of the center’s responsibilities to the National Counterintelligence and Security Center and the National Intelligence Council, with ODNI arguing the previous structure raised constitutional concerns over coordination with social media companies.

The election threats executive — created in 2019 during Trump’s first term — typically oversees an “Experts Group” that analyzes intelligence on foreign interference efforts.

Election threats can include cyberattacks on voting systems, foreign influence operations and disinformation campaigns aimed at undermining public trust in elections.

The assignments come as Gabbard has faced criticism over her involvement in the White House’s broader review of election security outcomes, including scrutiny from Democrats tied to her presence during an FBI raid on a Georgia election office and ODNI-led examinations of voting machines in Puerto Rico.

This year’s annual intelligence assessment of worldwide threats to the U.S. did not describe foreign threats to the nation’s elections, the first time in nearly a decade.

Trump has continued to falsely claim the 2020 election was stolen from him, despite courts, audits and state reviews finding no evidence of widespread fraud that would have changed the outcome.

The appointments also come amid broader changes to the federal government’s election security apparatus ahead of the 2026 midterms. In recent months, Democrats and state election officials have raised concerns over cuts to election-focused programs at the Cybersecurity and Infrastructure Security Agency, which has lost around a third of its workforce in the last year.

]]>

House panel approves slate of DHS intelligence reform bills

David DiMolfetta — Thu, 14 May 2026 17:22:00 -0400

The House Homeland Security Committee advanced a raft of bills on Thursday seeking to refine the Homeland Security Department’s Office of Intelligence and Analysis and improve its ability to defend against various threats targeting state, local, tribal and territorial communities.

The seven bipartisan bills mark Congress’ latest attempt to shore up the intelligence office after a year of workforce upheaval and longstanding bipartisan pressure for reforms tied to concerns over politicization and surveillance overreach.

A centerpiece measure led by Rep. August Pfluger, R-Texas — who chairs the panel’s counterterrorism and intelligence subcommittee — seeks to clarify I&A’s role under the Homeland Security Act by emphasizing the office’s responsibility to facilitate two-way threat intelligence sharing between federal authorities and state and local partners.

Other Democrat-led measures included efforts aimed at updating how DHS handles public threat warnings, shares intelligence and trains analysts. The proposals would push DHS to modernize the nation’s terrorism alert system, increase support for state and local officials facing potential foreign espionage risks and require more standardized training for intelligence personnel on analytic standards, privacy and civil liberties protections.

“It’s no secret that I&A has had challenges in the past. Concerns around mission overreach, political bias and other hurdles have hurt this agency's reputation,” Pfluger said during the committee markup of the measures. “Yet everyone here recognizes how important its mission is to securing the homeland.”

The Trump administration is seeking to combine I&A and the department’s Office of the Secretary and Executive Management, Management Directorate and Office of Situational Awareness into a single unit reporting to the DHS secretary. It’s not clear how these measures would run up against those efforts. The new structure would not affect its oversight under the Office of the Director of National Intelligence, an administration official previously told Nextgov/FCW.

I&A was slated for major workforce reductions in President Donald Trump’s second term, Nextgov/FCW first reported last July. Those plans, which would have only kept some 275 people at the office, drew major pushback from law enforcement organizations and Jewish groups that long relied on the agency to disseminate timely intelligence about threats that concern their communities.

The downsizing was put on hold just days later, but I&A reignited efforts soon after to shed its workforce more gradually. As of now, the office has around 550 full-time employees, according to a person familiar with the matter who requested anonymity to provide the figure. That number preserves more staff than the initial plans to cap the workforce at 275, but it is still half of the 1,000-person operation in place earlier last year.

The office falls within the purview of the Senate and House Intelligence committees, but its status as a DHS component also subjects it to oversight from the Homeland Security panels in both chambers of Congress.

In November, Nextgov/FCW reported that the House Intelligence Committee privately weighed a measure in the annual intelligence community authorization bill to significantly curtail the size and scope of I&A. The provision would have barred the office from gathering and analyzing intelligence, effectively turning I&A into a clearinghouse for intelligence findings produced elsewhere and stripping it of standard spy agency collection authorities.

The lesser-known intelligence office at DHS has faced controversy for its role in alleged unchecked domestic surveillance. During the 2020 racial justice protests, I&A analysts collected intelligence on journalists and demonstrators in Portland, Oregon, which sparked vast internal oversight and led to the removal of a top official.

A separate congressional probe after the January 6, 2021, riots at the U.S. Capitol found that I&A and the FBI received numerous tips about online posts threatening violence at the site of the day’s events, but that such intel was not analyzed and flagged to law enforcement.

The office was created as part of the formation of DHS after the Sept. 11 terrorist attacks to coordinate intelligence on homeland threats and expand information sharing with state and local authorities.

]]>

NIST aims for summer release of AI cyber guidelines

Alexandra Kelley — Thu, 14 May 2026 16:05:00 -0400

The National Institute of Standards and Technology is slated to debut new guidance on artificial intelligence-specific cybersecurity to help mitigate AI-enabled digital threats while maximizing the benefits of safe AI adoption.

Speaking at a Qualys conference on Thursday, Victoria Pillitteri, the manager of the Security Engineering and Risk Management Group at NIST, said she expects a cybersecurity framework profile for AI to debut “sometime this summer” pending agency approval.

The forthcoming draft AI cybersecurity framework is slated to be accompanied by guidance on control overlays — or sets of tailored cybersecurity baselines to manage risks unique to different AI systems — with the help of NIST’s Center for AI Standards and Innovation.

Pillitteri told Nextgov/FCW that her team and CAISI have started to develop a series of overlay guidance focused on cyber threats targeting agentic, predictive and generative AI systems.

“This [administration’s] priority is speed; being innovative and scaling at speed,” Pillitteri said. “So that means everything does have to move faster. We're trying to evolve the way that we develop, maintain and engage with our stakeholders. For our standards and guidelines, we're trying to ensure that we are addressing these critical areas where cybersecurity intersects AI on multiple fronts.”

She said the draft of overlay guidance for predictive AI is expected to arrive this summer, while the overlay guidance on agentic systems is due in late summer to early fall. NIST plans to finalize the guidance by 2027.

“The intention is to issue all of these guidelines sequentially in draft,” Pillitteri said. “This way we can take lessons learned, improvements, revise everything, but yet still get something out quickly, because we realize adoption is happening now.”

As the federal government mulls how best to understand the digital risks posed by increasingly powerful AI models — such as Anthropic’s Mythos Preview model that was unveiled in its Project Glasswing testing initiative — CAISI will play a key role.

Last week, the Department of Commerce announced it secured new agreements between leading AI developers Google DeepMind, Microsoft and xAI to submit their models for testing in CAISI. Researchers at CAISI will specifically look at the national security ramifications of these companies’ frontier AI models.

As of Thursday, the press release announcing the private sector partnership with CAISI has been removed. The Washington Post reported on Monday that a person familiar with the decision said the page was removed because of sensitivities within the White House.

Pillitteri said that while standards disseminated by NIST can’t keep pace with rapidly evolving technologies like AI, the forthcoming guidance aims to offer a fundamental playbook for vendor and supply chain partners to constantly fortify their data security infrastructure.

“It's not a rip and replace,” she said. “It's, ‘How do we augment what we have? How do we adapt the technologies, the architectures, our products, solutions and services, and how do we augment our workforce … to support the future needs that we're building for ahead?’”

]]>

VA security personnel aren’t detecting knives or booze, according to a watchdog report assessing medical facility security

Sean Michael Newhouse — Thu, 14 May 2026 15:32:00 -0400

Police officers who guard Veterans Affairs Department medical facilities failed to address security issues in a majority of covert tests conducted by the Government Accountability Office, which also determined that VA leaders have not fully implemented federal building security best practices.

The report, which was published on Wednesday, found that:

VA staff at all 30 locations that were examined failed to detect a multi-tool with a prohibited knife blade. Investigators noted that only two of the buildings had metal detectors: one of them was not in use and in the other case the device set the detector off but officers did not act on it.
In 25 out of 26 tests, VA employees did not notice or respond to an undercover GAO investigator who was drinking from a bottle that appeared to contain alcohol in a waiting room, even though guards were nearby in more than a quarter of the cases.
At eight of 16 facilities, investigators were able to enter nonpublic spaces, such as offices, treatment rooms and a blood draw lab.

In 2025, GAO similarly reported that contracted guards for agencies governmentwide failed to detect prohibited items in about half of its covert tests.

The VA has more than 4,300 police officers, physical security specialists and investigators as well as roughly 800 contract security guards.

VA’s inspector general found that in fiscal 2025 police officers were the most frequently reported severe nonclinical occupational staffing shortage in the department, with 58% of medical facilities saying they didn’t have enough security personnel.

Quinn Slaven, VA’s press secretary, said by email to Government Executive that officials have worked to address the issue by collaborating with the Office of Personnel Management to reclassify department police officers so that they can receive higher pay. He also said that the VA has consolidated law enforcement operations under one office, so that officers aren’t reporting to multiple different medical center directors.

GAO also faulted the VA for not adhering to Interagency Security Committee risk management standards for federal buildings. Specifically, officials are not consistently documenting why they make certain security decisions considering available resources or measuring the performance of protective measures.

The watchdog recommended that VA enact the government facility security guidelines.

“By fully implementing this standard, VA will be better able to make informed decisions, effectively allocate resources and prioritize security efforts at its medical facilities,” they wrote. “In addition, fully implementing this standard could help VA ensure it has appropriate security at its medical facilities to create a safe environment for veterans and VA staff.”

In the new report, GAO also found that about 98% of the approximately 74,700 crimes reported by the VA police in fiscal years 2024 and 2025 were nonviolent.

GAO said in the report that the VA did not provide comments on the investigation. Agencies typically offer feedback on investigations by the watchdog that officials then incorporate into the report. Slaven, however, told Government Executive that the VA did submit comments but that GAO didn’t include them.

In response, a GAO spokesperson said that VA submitted a message agreeing with the recommendations in the report after it had been sent to the senator who requested the investigation.

]]>

White House withholds $1.3B in Medicaid payments to California amid broader fraud crackdown

Edward Graham — Thu, 14 May 2026 13:28:00 -0400

Vice President JD Vance announced on Wednesday that the federal government is “deferring” $1.3 billion in Medicaid reimbursements to California and said the administration would withhold payments from additional states if they do not ramp up their efforts to root out fraud in federal benefits programs.

The notice came as part of President Donald Trump’s “war on fraud,” which Vance is leading as the head of the White House’s anti-fraud task force.

The unit, established in March by executive order, was granted the authority to withhold funding from state and local jurisdictions “that do not have adequate anti-fraud requirements,” per the order, although the effort has been somewhat clouded by allegations of political bias. The directive establishing the task force noticeably specifically called out Democrat-led states for failing to address fraud in their benefits programs.

The White House kicked off its fraud prevention efforts by announcing in February it was withholding more than $240 million in Medicaid funding from Minnesota following allegations of misuse of public funds in the state’s social services.

Vance said the move to withhold Medicaid payments from California, in particular, was because the administration believes the state “has not taken fraud very seriously.”

He downplayed any partisan undertones for the administration’s broader fraud prevention push, saying “we have red states and blue states that go after fraud aggressively,” although he added that “we also unfortunately have some states — mostly blue states, unfortunately — that do not take Medicaid fraud very seriously.”

During Wednesday’s news conference, Vance also said the federal government plans to review every state’s federally-funded Medicaid Fraud Control Units — or MFCUs — and will “turn off” funding for those watchdogs if their fraud prevention efforts are deemed insufficient.

“And if we continue to find problems, we can turn off other resources within their state Medicaid programs as well,” he added.

The Wall Street Journal first reported on Wednesday that attorneys general in all 50 states received a letter from Department of Health and Human Services Inspector General Thomas Bell stating that the administration will be conducting “a robust review” of their MFCUs to ensure they are effectively combating Medicaid fraud.

“We want to help you use technology and other tools to get rid of the fraud, to get to the root of the fraud,” Vance said during the news conference about working with states to bolster their fraud prevention efforts. “We want to help you, but we can only help these state programs if those state programs are willing to help themselves. So these letters are the first step — the first effort — to try to force these states to get serious about prosecuting fraud, and that's exactly what we're doing.”

The Centers for Medicare and Medicaid Services also announced on Wednesday that it is implementing a six-month freeze on all new Medicare enrollments for hospices and home health agencies to halt what it called “high-risk categories” for fraudulent activity.

Since the start of Trump’s second administration, CMS has touted its use of new tools and technologies, including artificial intelligence, to better identify improper payments.

During a March interview with Nextgov/FCW, Kim Brandt — deputy administrator and chief operating officer at CMS — said the agency was using many of these capabilities in its Fraud Defense Operations Center to help “detect spikes or aberrancies in current claim submissions.”

Brandt said at the time FDOC’s work, including the use of AI and enhanced data analysis, allowed the agency to save over $2 billion that would have otherwise gone toward improper Medicare payments. She added that CMS was looking to expand out its new technologies to identify further waste, fraud and abuse in the Medicaid program.

]]>

House Homeland panel gets briefing on Anthropic’s Mythos

David DiMolfetta — Thu, 14 May 2026 13:08:00 -0400

Members of the House Homeland Security Committee were briefed Wednesday on Mythos, the Anthropic artificial intelligence model that has drawn vast attention across the cybersecurity community for its advanced hacking capabilities.

Anthropic executives provided the panel with a live demonstration of Mythos, allowing members to see how advanced AI can identify and reason through software vulnerabilities, according to a committee aide who attended the briefing and requested anonymity to communicate details of the demo.

“What we saw reinforced the urgency of ensuring that federal agencies, including our civilian cyber defenders, can responsibly access and deploy the most advanced U.S. models to find and patch vulnerabilities before foreign adversaries or criminal actors exploit them,” said the aide, who noted the briefing was one of the first live demonstrations delivered to Congress.

President Donald Trump is meeting with Chinese President Xi Jinping this week, where AI competition is expected to come up in the discussion. Last month, the White House accused Beijing of attempting to copy components of U.S. AI systems to build similar models of its own through a process known as distillation.

“As the [People’s Republic of China] aggressively works to close the AI innovation gap with the United States, the committee remains focused on ensuring that America’s AI leadership translates into a durable national security advantage, not a temporary lead that adversaries can copy, steal or rapidly commoditize,” the aide added.

The briefing was “productive and focused on a range of AI security and competitiveness issues,” according to a second person familiar with the demo.

Members discussed how the U.S. can preserve its advantage in AI, including maintaining leadership in compute power and preventing China from obtaining advanced chips, said the person, who added that attendees discussed safeguards for advanced AI models and ensuring future systems are developed and deployed safely and securely.

Lawmakers also asked questions about Anthropic’s engagement with the federal government, including whether an ongoing legal dispute over a Defense Department supply chain risk designation against the company is affecting conversations about the use of AI models across federal agencies, including at CISA, which reportedly doesn’t have full access to the model.

The second person did not add additional details about who in the government has access to Mythos, but said “the implications of advanced AI tools for state and local governments and under-resourced critical infrastructure sectors, including water systems, were also discussed.”

Mythos, unveiled last month, was held back from a full public release on the grounds that it could pose national security risks in the wrong hands. U.S. critical infrastructure stakeholders have been vying for access to the tool so it can be run against their own systems to identify and patch previously undiscovered vulnerabilities that could be exploited by hackers.

The Hill first reported news of the demo.

It’s unclear which government agencies have access to Mythos, although multiple reports and people familiar with the matter previously confirmed to Nextgov/FCW that the NSA is among them.

Senate Intelligence Committee Vice Chairman Mark Warner, D-Va., told Politico that he and Chairman Tom Cotton, R-Ark., were briefed on Mythos by Gen. Joshua Rudd, who leads Cyber Command and the NSA, but did not provide further details.

]]>

Five steps to make commercial-first government work

Irina Denisenko — Wed, 13 May 2026 15:56:00 -0400

The White House’s April 2025 Executive Order, reinforced last month by Memorandum M-26-12, marks a decisive shift in how the federal government approaches technology acquisition.

For years, agencies have been encouraged to prioritize commercial off-the-shelf (COTS) solutions, yet entrenched procurement practices have continued to favor costly, time-intensive custom builds. The new mandate makes clear that this status quo is no longer acceptable.

Directing agencies to increase the use of commercial products and services (and to justify when they do not) signals a broader effort to align federal technology strategy with the speed, scale and innovation of the private sector.

Turning this policy into measurable outcomes will require more than intent; it will require practical and structural changes in how government evaluates, acquires and deploys technology.

Here are five recommendations to help translate this mandate into real progress:

1. Default to commercial first, with clear justification for exceptions

A true shift to commercial-first must begin at the earliest stages of acquisition planning. Agencies should start every requirement with a structured market analysis to identify existing solutions that meet mission needs and treat that assessment as foundational, not procedural.

When bespoke builds are proposed, the justification should be rigorous. Agencies must demonstrate not only that no viable commercial option exists, but that customization delivers clear advantages in cost, performance or mission outcomes. This flips the current dynamic, where custom development is too often the default. Embedding this discipline early will reduce redundant development, accelerate deployment and better align spending with proven, scalable technologies.

2. Standardize security and compliance baselines across agencies

Inconsistent interpretations of security requirements remain a major barrier to adoption. Even within shared frameworks, agencies often apply standards differently, thus leading to duplication, delays and uncertainty. Establishing a common baseline, paired with enforceable reciprocity, would streamline adoption significantly. If a solution is authorized under a recognized federal standard, that approval should be portable across agencies with minimal modification.

Standardization does not weaken security, but strengthens it by creating clearer expectations, enabling deeper scrutiny and eliminating redundant reviews that add cost without improving outcomes.

3. Move from point-in-time approvals to continuous validation

Traditional certification models rely on point-in-time assessments that quickly become outdated. Systems are approved based on a snapshot, even as software and threats evolve continuously.

A more effective model is continuous validation using automation, real-time monitoring and ongoing control assessments to maintain a current view of risk. This allows agencies to move faster while improving oversight. By aligning authorization with modern software practices, agencies can deploy updates more quickly, respond to threats in real time and maintain stronger assurance over time.

4. Create reusable “authorization pathways” for proven technologies

Today, even widely used technologies often undergo redundant authorization processes in each agency. This slows adoption and discourages innovative providers from engaging with government. Reusable authorization pathways would allow previously assessed technologies to move more efficiently across agencies with similar risk profiles. This could include shared assessment artifacts, pre-approved solution categories or government-wide authorization packages. Treating prior assessments as reusable assets would reduce time-to-deployment while maintaining confidence in security and create a more predictable pathway for commercial providers.

5. Incentivize acquisition teams based on outcomes

Procurement systems often reward adherence to process over delivery of results. While compliance is essential, overemphasis on process can discourage speed, innovation and smart risk-taking. Agencies should evolve their process for how success is measured by focusing on time-to-deployment, total cost of ownership, mission impact and user adoption. Aligning incentives with outcomes will encourage teams to pursue more efficient, effective solutions. Empowered with the right metrics and support, acquisition professionals are far more likely to embrace commercial technologies and deliver meaningful results.

Without structural change, this will be another well-intentioned directive. With it, it could mark the beginning of a fundamentally more modern, effective federal technology ecosystem.

Irina Denisenko is the CEO of Knox Systems, a cybersecurity pioneer delivering FedRAMP as a Service to help SaaS companies enter and scale in the government market. With deep expertise in technology, government and enterprise, Irina brings a track record of building trusted, scalable systems at the intersection of innovation and compliance.

]]>

Air Force taps Salesforce’s Army contract for personnel modernization work

Nick Wakeman — Wed, 13 May 2026 15:28:00 -0400

Salesforce has signed a new $72 million enterprise license agreement with the Air Force to modernize personnel management and other functions using artificial intelligence.

This is part of a $5.6 billion contract Salesforce and the Army inked in January. The idea was that the vehicle would be open to all of the Defense Department.

The agreement with the Air Force is meant to enhance situational awareness and unify business functions like personnel management, Salesforce said Wednesday.

The Air Force will use Salesforce's Missionforce National Security offering, which includes artificial intelligence tools.

“Leveraging enterprise-wide contract vehicles accelerates our procurement timelines, optimizes resource allocation, and ensures our Airmen and Guardians are equipped with the agile technology necessary for today's dynamic mission environments," said Keith Hardiman, deputy chief information officer for the Air Force.

The Air Force is using the Salesforce agreement to consolidate contracts, reduce the number of contract actions and achieve volume-based savings.

The agreement also aims to help the Air Force connect its digital infrastructure to gain a view across personnel recruiting and logistics.

The Air Force will also be able to pilot implementation of Salesforce’s Agentforce, an agentic AI solution, which is intended to enable automation of workflows and support decision-making at the edge.

]]>

‘No time to waste’ in prepping governments for AI cyber threats, top Dem lawmaker says

Chris Teale — Wed, 13 May 2026 14:16:00 -0400

The U.S. Senate’s top Democrat called on the Department of Homeland Security last week to better coordinate its response to artificial intelligence-driven cyber threats with state, local, tribal and territorial governments.

Sen. Chuck Schumer, the New York Democrat who serves as Senate Minority Leader, said in a letter to Homeland Security Secretary Markwayne Mullin that the world is “coming to grips” with the fact that AI systems will soon be better than humans at finding software vulnerabilities. Schumer’s letter came after Anthropic announced last month that its Claude Mythos Preview model is “strikingly capable” at finding cybersecurity vulnerabilities.

Schumer called on Mullin and DHS to work closely with other units of government to prepare them properly for those cyber threats from AI. He noted the threats that states, localities and others face, including to their critical infrastructure, and urged the federal government to do more to protect them. AI could be capable of hacking such systems within a year, he said.

“As AI continues its rapid development — including important cybersecurity advances as well as dangerous new hacking tools — it is imperative that all levels of our government have access to this technology so they can prepare before it’s too late. We must beat cyber criminals in the race to defend our most critical systems from AI-enabled hacking or attacks,” Schumer said in a statement accompanying the letter. “There is no excuse for the Department of Homeland Security’s delay in bolstering state and local government cybersecurity capabilities. We must begin this process now — before there are any major disruptions to hospitals or energy grids — or worse.”

In his letter, Schumer asked Mullin to provide information on how DHS will coordinate with SLTT governments and the private sector to conduct risk assessments of critical infrastructure, and share information about vulnerability discovery and response. He also asked Mullin how DHS will work with other governments to provide remediation solutions, facilitate rapid vulnerability patching, offer access to modern testing and evaluation, and advise governments on identifying top AI talent and training to prepare the next generation of tech workers.

Schumer’s letter noted that those questions come on the heels of the federal government pulling funding for the Multi-State Information Sharing and Analysis Center, which he noted was designated in 2010 as the “primary source” for those functions and more. Since the Cybersecurity and Infrastructure Security Agency announced it had pulled funding for MS-ISAC, the center has moved to a membership model.

For their part, officials in President Donald Trump’s administration have promised more information sharing, especially after the release of the National Cyber Strategy in early March. In a previous public appearance, White House National Cyber Director Sean Cairncross said agencies — including CISA as well as the Department of Justice and Federal Bureau of Investigation — were “looking for ways to streamline information sharing from the [U.S. government] side.”

“Often how we know things is super sensitive,” he continued. “What we know is less so. We want to figure out how to communicate that in a helpful, actionable way, as we work through that on the interagency side, with partners on the state and local side.”

Schumer, however, said the decision to cut funding to the MS-ISAC was a poor one given how AI has shifted the threat landscape.

“Given the monumental changes quickly coming to cybersecurity as the result of frontier AI, and the need for organizations to be able to perceive and contextualize risks earlier than ever before, there could not be a worse time to undercut proven, longstanding MS-ISAC processes, procedures, and resources for sharing cyberthreat intelligence with SLTTs,” the letter said.

Schumer asked for a plan for “coordinating our nation’s response to frontier AI-enabled hacking” by July 1, as well as a nominee to lead CISA.

“AI is changing the cyber battlefield fast — and we cannot let hackers get there first,” Schumer said in a statement. “Hospitals, power grids, water systems, schools, elections, and emergency services cannot be left exposed while criminal gangs and state-backed hackers race to exploit new AI tools. DHS must immediately help states and localities find and fix vulnerabilities before Americans are hit with outages, disruptions, and attacks that could put lives and livelihoods at risk. This is a race between cyber defenders and AI-enabled hackers — and with communities across the country at risk, there is no time to waste.”

]]>

Watchdog recommends nearly 100 ways for agencies to save tens of billions

Sean Michael Newhouse — Tue, 12 May 2026 22:16:00 -0400

The Government Accountability Office on Tuesday released its annual report highlighting duplicative federal programs and opportunities to promote effectiveness and efficiency across agencies. Officials estimated that implementing their new and past open recommendations could save more than $100 billion.

Some of the new 97 recommendations for lawmakers and agencies include:

Officials should consolidate mission-support services (e.g. payroll and travel) among agencies, which GAO reported could save tens of millions of dollars over three years. Specifically, the watchdog recommended that the Office of Management and Budget and General Services Administration improve data collection with respect to the effectiveness of shared services.
The departments of Defense and Veterans Affairs should identify more opportunities to share healthcare resources, which could reduce fragmentation and also save tens of millions of dollars annually.
FBI should lead the creation of a government-wide anti-scam strategy to spur collaboration, as 13 different agencies work to prevent scams.

Investigators reported that, as of March, agencies had fully or partially addressed 1,662 (77%) of recommendations that GAO has made in these annual reports for the last 16 years, yielding about $774.3 billion in financial benefits. Officials acknowledged, however, that this is a “rough estimate based on a variety of sources that considered different time periods and used different data sources, assumptions and methodologies.”

In the latest report, GAO also flagged past recommendations that remain unimplemented including:

Establishing an inventory of federal programs, which includes funding and performance information, to help identify duplication and overlap. The watchdog found in a March report that such an inventory created by OMB is missing statutorily required information.
Setting up a process to identify and remove ineligible family members from the Federal Employees Health Benefits program, which the watchdog said could save more than $1 billion over nine years. The One Big Beautiful Bill Act, which was enacted in July 2025, included a requirement to fulfill such a recommendation, but the Office of Personnel Management hasn’t implemented it yet.
Improving the IRS’ enforcement efforts. Congressional Democrats in 2022 approved nearly $80 billion for the tax agency, in part, to enhance tax collections, but lawmakers since then have rescinded more than two-thirds of that funding.

The House Republican fiscal 2027 legislative branch appropriations bill would cut GAO’s funding by nearly 25%. Congress in fiscal 2026 held the watchdog’s funding level flat despite an attempt by the House GOP to halve it. The Trump administration has criticized GAO for issuing several findings that officials illegally withheld congressionally approved spending.

]]>

The Pentagon’s cyber rules leave MSPs as an attack vector

Amy Edwards and Michael McLaughlin — Tue, 12 May 2026 16:31:00 -0400

At a time when China, Russia and criminal groups are increasingly targeting military supply chains, a narrow regulatory gap has created an attack vector adversaries can exploit to undermine national security.

The Cybersecurity Maturity Model Certification (CMMC) program, which took effect in late 2025, is designed to protect those supply chains. By requiring contractors that handle Controlled Unclassified Information (CUI) to implement NIST SP 800-171 controls and undergo third-party verification, CMMC seeks to eliminate weak links across the Defense Industrial Base (DIB).

But as CMMC shifts from regulation to real-world enforcement, a fundamental question looms: Who actually holds the keys to military contractor information systems?

Overlooked impact of MSPs

Managed Service Providers (MSPs) are an indispensable part of protecting the DIB, giving small and medium-sized businesses (SMBs) access to IT expertise that would otherwise be cost-prohibitive. By outsourcing network, system and cloud management to MSPs, contractors can slash compliance costs while accelerating CMMC readiness, transforming a burdensome solo effort into a streamlined, scalable option.

Done correctly, with MSPs held to the same rigorous standards as their clients, these providers strengthen security through specialized knowledge, proactive threat hunting and shared best practices, hardening the entire supply chain against evolving threats.

Where CMMC falls short

If MSPs are not held to equivalent standards, they become a critical attack vector. MSP personnel routinely hold privileged administrative access to patch vulnerabilities, reset credentials and tune defenses. Compromised access can expose entire contractor networks. This “privileged access” reality is central to modern cybersecurity. But CMMC does not fully address it.

Many contractors, especially resource-constrained SMBs, depend on MSPs to meet and sustain compliance. Yet CMMC’s governing regulation treats MSPs as “External Service Providers” (ESPs) under vague scoping rules and voluntary certification.

Voluntary compliance is inadequate when the provider controls the environment. Multi-tenant architectures, standardized toolsets deployed across hundreds of clients and potential overseas operations make it impossible for any single contractor to rigorously validate an MSP’s security posture. The result: contractors face clear obligations, while MSPs with operational control over CUI environments can escape equivalent certification — creating a high-leverage entry point for adversaries.

Real threats to the DIB

This is not theoretical. The 2020 SolarWinds attack used trusted software updates to breach dozens of defense contractors. The 2021 Kaseya VSA ransomware campaign hit MSPs directly, encrypting systems at hundreds of downstream clients. In early 2026, ransomware groups Qilin and Akira targeted IT service providers and manufacturing supply chains, with Akira breaching providers serving defense and government sectors. Nation-state actors, including Chinese-linked Mustang Panda, continue persistent espionage through third-party vectors. Supply-chain attacks are surging, AI is amplifying extortion and MSP privileged access remains a prime vulnerability.

The legislative fix

The solution is not to abandon MSPs. It is to hold them to appropriate standards. The fix requires neither a sweeping overhaul nor undue burdens on small businesses. It demands targeted oversight and discrete updates, beginning with the House Armed Services Committee (HASC).

A foundational challenge is visibility: DoW lacks a reliable inventory of MSP usage among Level 2 and Level 3 contractors. There is no record of which contractors rely on MSPs for CUI-related systems, which providers are involved or their certification status. Industry estimates suggest tens of thousands of MSPs serve U.S. businesses, with widespread adoption among defense manufacturers, yet only approximately 40 have attained CMMC Level 2 certification. Without this baseline, the Pentagon is operating blind.

First, HASC should direct DoW to conduct a focused survey of Level 2 contractors: Do they use MSPs for systems that process, store or transmit CUI? Which MSPs? Are those providers certified commensurate with their level of privileged access? This inventory would illuminate real exposure without excessive red tape.

Second, Congress should close the gap surgically. Congress has already defined “managed service provider” in 6 U.S.C. § 650(18) as entities providing ongoing network, infrastructure or security services — a statutory foundation ready to be applied. Congress should amend 32 CFR Part 170 to incorporate that definition and require MSPs with administrative access to CUI environments to obtain certification matching their client contractor’s CMMC level.

These steps enforce a core principle: if an entity holds functional control over CUI systems, it must meet verifiable standards aligned with that responsibility. MSPs already help SMBs achieve security and compliance more affordably and quickly; clear rules will promote CMMC-ready partners and further harden the supply chain.

CMMC promises genuine protection across the DIB, not checkbox compliance. Treating privileged access as an edge case invites preventable vulnerabilities at a moment when threats from ransomware to nation-state espionage are intensifying. The changes are narrow, the rationale clear and the stakes — safeguarding systems essential to warfighters and national security — are immense.

Amy Edwards is a U.S. Army veteran and Director of Legislative Affairs for the Managed Service Provider Collective. Michael McLaughlin is a U.S. Navy veteran and Co-Leader of the Cybersecurity and Data Privacy Practice Group at the law firm of Buchanan Ingersoll & Rooney, PC.

]]>

‘It would be insane’ for spy agencies to not have AI model early access, lawmaker says

David DiMolfetta — Tue, 12 May 2026 14:09:00 -0400

Rep. Jim Himes, D-Conn., the top Democrat on the House Intelligence Committee, said Tuesday it would be “insane” for U.S. intelligence agencies to not have early access to advanced artificial intelligence models that could be used for hacking and cyberdefense.

His remarks, delivered on a panel at Politico’s Security Summit, come as the Trump administration is reportedly considering a major AI executive order and debating whether the Commerce Department or intelligence community should oversee evaluations of AI models. They also come as President Donald Trump makes a planned trip to China this week, where he is expected to discuss AI matters with Chinese President Xi Jinping.

“Making sure that, in particular, where our real computational brains are, the National Security Agency, making sure they have access to the most capable hacking tools … it would be insane not to do that, right?” he said.

The NSA, the spy community’s premiere hacking, codebreaking and foreign eavesdropping giant, has been testing Mythos, a major Anthropic model that’s been held back from full public release due to its substantial cyber capabilities, multiple people familiar with the matter said.

On Monday, The Washington Post reported the Trump administration is split over whether to give spy agencies or the Commerce Department dibs at evaluating models. Commerce officials are pushing back against a White House proposal to house an AI evaluation center within the intelligence community, according to the report.

Himes said the Commerce Department should also have a role to play in AI policy.

“Across the government, we should be looking at these capabilities,” he said, adding that “we ought to be cultivating — not damaging — our relationship with the producer of this remarkable new technology,” in a nod to the ongoing legal complaints Anthropic has lodged at the Defense Department, which deemed it a supply chain risk earlier this year after the company said it wouldn’t meet certain Pentagon demands.

Himes said he doesn’t think the legal spat between the DOD and Anthropic has set back the intelligence community in the near term, though “if this drags out, if [Defense Secretary] Pete Hegseth gets a bee in his bonnet about this and just decides to target because his ego is damaged … that will be a massive liability for United States national security.”

Officials are circulating draft policy documents with language clarifying the government’s ability to use private sector tech without outside stipulations, Nextgov/FCW reported last week. It’s not clear if the contracting language is part of a coming executive order or a separate policy initiative.

The ongoing discussions highlight how the Trump administration is closely examining cyber threats brought on by advanced AI models and is looking to take a more hands-on approach toward the AI sector, despite prior laissez-faire positions.

]]>

Lawmakers propose to establish AI guardrails for VA in FY27 funding

Edward Graham — Tue, 12 May 2026 12:21:00 -0400

Proposed amendments to the fiscal year 2027 funding bill for the Department of Veterans Affairs include several measures seeking to limit the use of decisional or unapproved artificial intelligence tools by the agency.

The House Rules Committee is set to hold a hearing on the VA funding proposal and proposed amendments Tuesday afternoon. The FY27 funding package passed out of the House Appropriations Committee last month.

Separate proposals offered by Reps. Paul Gosar, R-Ariz., and James Walkinshaw, D-Va., specifically call for additional oversight of VA’s uses of AI to ensure they are being deployed appropriately. Although both proposed amendments may not make it into the final funding package voted on by the full House, they signal lingering lawmaker unease about the VA’s use of the emerging capabilities to augment department operations.

Gosar’s measure would block VA funding from being used “to make a final determination with respect to the approval or denial of a claim for disability compensation under the laws administered by the Secretary of Veterans Affairs using artificial intelligence.”

VA has used AI and automation to speed up its processing of veterans benefits claims, although some lawmakers and veteran service organizations have expressed concern about officials ceding too much of their decisionmaking authority to the technologies. The agency has stressed that humans always make the final claims decisions and that the AI tools act as more of an automated information retrieval system.

Gosar spokesman Anthony Foti said the congressman’s amendment would “establish a clear safeguard within the VA disability claims process” to ensure that human reviewers always make the final decisions, adding that Gosar “believes it is important to establish appropriate guardrails before these technologies are relied upon for consequential adjudicative decisions.”

Even though VA is already leveraging some AI tools to speed up benefits processing, the agency is looking to further expand its suite of claims-focused technologies. VA’s 2025 AI use case inventory, which was released in January, included 28 instances of the technologies being leveraged for claims processing, with the majority of these examples still listed as being in the pre-deployment phase.

“Disability determinations often involve nuanced medical evidence, individualized circumstances, and credibility assessments that require human judgment and oversight,” Foti said. “The amendment is designed to ensure that AI serves as a support tool — not as the final decision-maker — in matters directly impacting veterans’ healthcare access, financial stability, and earned benefits.”

Walkinshaw’s amendment, meanwhile, looks to address uses of the emerging capabilities that may be operating without agency oversight.

Within 180 days of the funding bill’s enactment, Walkinshaw’s proposal would require VA to submit a report to relevant congressional committees detailing “the use of unapproved artificial intelligence models or artificial intelligence-powered applications, also known as ‘’shadow AI’’, within information technology networks of the Department of Veterans Affairs, and any cybersecurity risks and data exposure vulnerabilities introduced by such use.”

These ‘shadow’ uses of AI often entail employees using technology not approved by the agency to conduct work and that operate outside of traditional restrictions.

Walkinshaw’s office was not able to immediately respond to a request for comment.

]]>

Anthropic and nonprofit partner to streamline benefits administration with AI

Kaitlyn Levinson — Mon, 11 May 2026 16:00:00 -0400

CHICAGO — The civic tech nonprofit Code for America is partnering with artificial intelligence company Anthropic to develop tools aimed at helping caseworkers enhance public benefits administration across the nation.

The organizations are working together to develop an AI-enabled solution to improve the accuracy and timeliness of benefits service delivery under the Supplemental Nutrition Assistance Program, Jana Rhyu, vice president of product at Code for America, announced Friday at a summit hosted by the organization in Chicago last week.

The SNAP Policy Navigator tool is built on federal regulations, state manual selections, official policy directives and other documents to help caseworkers “quickly and accurately get an answer to [a] very specific policy question” when they are working with clients, said Michael Lai, who leads state and local government AI at Anthropic.

The tool leverages Anthropic’s Claude chatbot and is built on a model context protocol to ensure a secure two-way connection between data sources and AI applications, Rhyu said. A caseworker can input a simple, policy-based question, such as how a client’s change in income or a new federal policy could impact their benefits, and the tool outputs an up-to-date response in plain language with cited sources and suggested next steps.

The user “gets clarity on policy, not a decision on overall eligibility. The decision stays with [them],” she said.

The announcement comes as state and local public benefit agencies scramble to comply with rule changes to the federal food assistance program made last July under President Donald Trump’s “Big, Beautiful Bill.” The law subjects participants to expanded work requirements, shifts administrative costs to states based on their SNAP payment error rates, and requires that the Thrifty Food Plan — the model used to calculate the lowest-cost nutritional meal for a family of four — be cost-neutral to changes in food prices.

Since its passage, SNAP participation has declined by more than 3 million people across 36 states as of January, and further reductions are expected once the new rules are fully implemented, according to the Center on Budget and Policy Priorities.

“Policy is constantly changing, and the complexities of policy implementation are immense, which places an even bigger burden on the caseworkers,” Rhyu said.

That’s why it’s critical for resources like the SNAP Policy Navigator tool to help reduce caseworkers’ administrative burden of sifting through and trying to apply intricate policies to individual cases, she said.

Indeed, the complex rules regarding eligibility and exemptions present common barriers to benefits access and having to explain those to residents who depend on the timely and accurate delivery of public assistance to meet their everyday needs only adds to it, Lai said.

Such challenges are exacerbated by funding uncertainty, workforce shortages and increasing caseloads that many states and localities are grappling with across the U.S.

He pointed to one former caseworker who described their job as “an email inbox that's always full, where each one requires care and attention, but you're constantly getting interrupted as you try to work through the never ending inbox of people to help.”

In addition to the SNAP Policy Navigator, Code for America and Anthropic will develop a suite of Claude-based tools to further assist benefit workers with answering policy questions, reviewing eligibility documents and drafting communications to benefit recipients, Code for America leaders said in an announcement last week.

“We know that caseworkers are really overburdened in general, but especially at this moment with HR 1 as well, and so AI shouldn't be used for AI’s sake,” Lai said. “We want it ultimately to be helping in this human way and trying to make benefits administration more efficient, more accurate and more human centered.”

]]>

Canvas breach spotlights cybercriminal appetite for student data

David DiMolfetta — Mon, 11 May 2026 12:00:00 -0400

A major cybercrime gang’s hack of Canvas is highlighting how education technology providers have become attractive targets for cybercriminals, whose access to student records, login credentials and other sensitive data can create opportunities for fraud, identity theft, extortion and future intrusions.

ShinyHunters on Thursday claimed responsibility for a hack into Instructure’s Canvas platform that facilitates course materials and class management for thousands of institutions. An extensive document posted by the hackers and obtained by Route Fifty lists some 9,000 customers apparently impacted in the breach, including Georgetown, Harvard and Cornell universities. It’s not clear whether all victims listed were accessed, or what data may have been stolen.

As Instructure worked to restore services, the hackers appeared to launch follow-on attacks, while students flooded social media during final exam season with photos and videos showing compromised Canvas pages appearing upon login. ShinyHunters claims it accessed names, email addresses, student identification and private messages.

The hacking group said Saturday it would not comment further. An extortion message posted on affected sites says that Instructure has until May 12 to reach out to the hackers. ShinyHunters has since removed Instructure from their Pay-or-Leak portal and the company says Canvas functions have been restored.

Route Fifty has asked Instructure if it is negotiating with the group or has paid a ransom to prevent data from being leaked.

The FBI is likely investigating the incident, according to two people familiar with the matter who requested anonymity to communicate their understanding of the government’s response to the breach.

An FBI spokesperson said on Friday that the bureau is aware of the compromise.

“If you are contacted directly by anyone claiming to have your data, we recommend you not send payment or respond to their demands. By receiving a message, that does not necessarily mean your personal information has been compromised,” their statement said.

Hackers often exaggerate or fabricate their access to sensitive or personal information to prompt payment from victims, the FBI spokesperson added. “We encourage individuals to be cautious of unsolicited emails, calls, or texts claiming to be from your school, the [Learning Management System] provider, or law enforcement and to verify the contact through known channels before responding.”

Universities are a “treasure trove” of data and ransomware hackers know this, said Cynthia Kaiser, a former senior FBI cyber official. “At the same time, the openness that defines higher education can make these institutions more exposed than many other organizations.”

Kaiser, now vice president of the Ransomware Research Center at Halcyon, said that criminal hacker groups frequently obtain credentials from other intrusions and use them to carry out other hacks.

“You have to remember that groups like ShinyHunters, Lapsus$ and Scattered Spider often log in rather than hack in,” she said, referring to a slew of major criminal hacker gangs that have made headlines for their intrusions over the years.

Any stolen data wouldn’t enable immediate financial theft, though it’s highly valuable for targeted phishing and social-engineering attacks, said Adam Marrè, a former FBI special agent and Chief Information Security Officer at Arctic Wolf.

“The biggest risk after incidents like this is not instant identity theft but scams that surface weeks or months later and appear legitimate. Students, parents, and educators should stay alert for unexpected or urgent messages, avoid clicking unverified links, enable multi-factor authentication on email accounts and be cautious with any request for personal information,” he said.

The House Homeland Security Committee is investigating the matter, according to a letter sent Monday to Instructure CEO Steve Daly from Rep. Andrew Garbarino, R-N.Y., the panel’s chairman. He asked company executives to brief lawmakers and staff by May 21.

Instructure said in a blog post that the unauthorized access involved information like usernames, email addresses, course names, enrollment information and messages. The company also “identified a vulnerability regarding support tickets in our Free for Teacher environment that was exploited.”

It’s not known how long it took for the hackers to craft the plan for the intrusion, but the fact that they carried it out during final exams “shows the level of planning that went into this attack,” said Damien Skeeles, a senior manager at Filigran, which sells open-source cybersecurity solutions.

“You wonder how much more planning went into it, and how many more acts there are to follow,” he said.

]]>

Agentic AI just proved it can fix federal procurement — now let’s scale it

KJ Lian and Anil Chaudhry — Mon, 11 May 2026 09:00:00 -0400

The views expressed in this article are those of the authors and do not necessarily reflect the official policy or position of their employers.

Every year, federal agencies evaluate thousands of vendor proposals worth billions of taxpayer dollars, and they do it with a process that is slow, inconsistent and an inefficient use of personnel time.

Contracting officers manually cross-reference dense submissions against hundreds of Federal Acquisition Regulation (FAR) clauses, Defense Federal Acquisition Regulation Supplement requirements and a growing web of executive orders. Critical gaps remain despite the diligent efforts of procurement teams. Timelines stretch from weeks into months. The cost is mission delay, wasted funding and eroded public trust.

This is not a theoretical problem; it is a daily operational reality. Even as the FAR overhaul aims to simplify compliance, procurement team burdens keep growing.

That’s why the ATARC Agentic AI Lab set out to answer a specific question: can a team of specialized AI agents — not a chatbot or search tool, but autonomous agents working in coordination — evaluate a federal proposal against real regulatory requirements and surface genuine compliance risks? We didn’t want a demo. We wanted proof.

We got it.

Our proof of concept deployed three specialized AI agents: a FAR compliance agent, an executive order agent and a technical evaluation agent against a real-world-modeled $8.5 million vendor proposal for a fictitious agency data modernization initiative. Each agent independently analyzed the submission from its domain, querying curated regulatory knowledge bases and generating detailed findings with precise FAR citations.

The results were striking. The agents identified gaps in small business subcontracting documentation, security framework specifics and cost justification. Where the proposal was strong, particularly its alignment with executive orders on AI policy, the agents recognized that too.

Here’s what matters most: humans never left the loop. The agents performed the analytical labor, document review, citation matching, cross-referencing across domains. Every final determination, every exception judgment, every award decision remained with the reviewer. The AI didn’t replace expertise. It multiplied it.

We also learned what doesn’t work yet. The system needs confidence scoring so reviewers know when to trust a finding. It needs context-aware interpretation for agency-specific deviations and acquisition strategy trade-offs no general model can anticipate. These are solvable engineering challenges, not fundamental limitations.

The broader lesson extends well beyond pre-award compliance review. The multi-agent architecture we validated — specialized agents with distinct knowledge domains, coordinating through a shared orchestration layer — is a reusable pattern. Grant evaluations at federal health agencies. Regulatory impact assessments at EPA. Small business compliance support that levels the playing field for new market entrants. The pattern scales because the problem scales.

Agencies should implement agentic AI tools against real procurement workloads and share findings openly. The Office of Federal Procurement Policy should issue guidance encouraging AI-assisted document review with clear human-in-the-loop standards.

We have the proof. In today’s budget-constrained environment, where every dollar must stretch further and mission delivery is harder than ever, agentic AI offers a genuine path to doing more with less. The question is no longer whether this technology can help. The question is whether we will move from pilot to production before that opportunity passes.

KJ Lian is the senior manager of the emerging tech solutions team for federal civilian at Amazon Web Services. Anil Chaudhry is a senior advisor for AI at the Department of Transportation. Both Lian and Chaudhry are co-chairs of the ATARC Agentic Al Lab.

]]>

Tech bills of the week: Limiting data harvesting; AI for financial fraud prevention; and more

Alexandra Kelley and Edward Graham — Fri, 08 May 2026 16:46:00 -0400

Securing online user data

A new House bill adds to the growing volume of legislation seeking to bolster data privacy protections by prohibiting companies from requiring online users to give access to their data as a condition of service.

The You Own the Data — or YODA — Act, introduced by Rep. Michael Cloud, R-Texas, tackles longstanding data privacy issues by limiting data collection from website hosts beyond “what is reasonably necessary to provide the requested service,” and bans tracking cookies without explicit user permission.

“The Constitution protects Americans’ right to private property and privacy from unwarranted searches and seizures. That principle doesn’t disappear the moment you open a browser,” Cloud said in the press release.

The measure enables the Federal Trade Commission and state attorneys general to enforce the YODA Act’s pillars. Notably, it creates recourse for individuals whose data has been illegally harvested to bring civil suits against companies with an annual gross revenue of $50 million or more.

Using advanced tech to combat financial fraud

Rep. Mike Flood, R-Neb., formally introduced legislation on Thursday that would direct federal banking agencies to conduct a study on the use of artificial intelligence and other advanced technologies in fraud detection and prevention, “with particular attention to community financial institutions.”

The bill — the Bank Fraud Technology Advancement Act — also includes a section calling for the agencies to establish a voluntary “community bank fraud technology pilot program” one year after completion of the required study, saying that it would help “facilitate community financial institution access to advanced fraud detection tools.”

A draft of Flood’s measure was previously discussed during a March House Financial Services Subcommittee on Financial Institutions hearing.

Counter-drone measures for the National Guard

Rep. Michael McCaul, R-Texas, introduced a bipartisan measure on Thursday that seeks to enhance counter-drone measures at large-scale events — such as the upcoming FIFA World Cup and America250 celebrations — by giving the National Guard explicit authority to mitigate potential threats posed by the unmanned aerial systems.

The proposal, the Guard the Skies Act, grants the National Guard the ability “to protect certain facilities and assets from unmanned aircraft.” The legislation is co-sponsored by Reps. Marcy Kaptur, D-Ohio, Eli Crane, R-Ariz., and Josh Gottheimer, D-N.J.

"From foreign adversaries to transnational criminal organizations, hostile actors have increasingly adopted drone technology to target critical infrastructure and innocent civilians. As the United States prepares to host millions of visitors for the FIFA World Cup, America250 celebrations, and eventually the Olympics, we must be prepared to intercept and neutralize this evolving threat,” McCaul said in a statement. “The Guard the Skies Act would leverage the National Guard — a force uniquely positioned for rapid deployment and crisis response — to protect our skies and the large-scale gatherings below.”

SBA’s AI use

A measure introduced by Rep. Hillary Scholten, D-Mich., would task the head of the Small Business Administration with implementing a recommendation from a May 4 Government Accountability Office report on uses of AI in the agency’s small business contracting and innovation research.

That watchdog called for SBA to ensure its chief information officer “establishes policies and procedures for meeting the agency’s applicable reporting requirements for AI use case inventories, including defining roles and responsibilities, and for documenting the implementation of policies and procedures and key decisions.”

Within 45 days of the bill’s passage, Scholten’s measure would require that SBA submit a report to the House and Senate Small Business committees detailing the plans it will take “to establish and implement policies and procedures to disclose artificial intelligence use.”

]]>

Unleashing AI across the US government: The data security challenge holding back decision advantage

Terry Halvorsen — Fri, 08 May 2026 14:41:00 -0400

During my years leading IT strategy at the Department of Defense and the Navy, I witnessed firsthand the frustrating paradox that continues to plague government artificial intelligence initiatives: we're sitting on mountains of valuable data that could revolutionize mission outcomes, yet we can't actually use most of it with AI systems.

The problem isn't technology adoption, since federal agencies are rapidly deploying AI and machine learning capabilities. The challenge is that our most sensitive data — the information that could provide genuine decision advantage — remains locked away because our current security architectures can't protect it at scale once AI systems begin processing it.

The promise of augmented intelligence

Let's be clear about what's at stake. When properly implemented, AI — or what I prefer to call "augmented intelligence" — represents a crucial advancement in how government operates. From predictive maintenance on weapons systems to accelerated threat detection in cybersecurity, from streamlined acquisition processes to improved resource allocation, AI has the potential to enhance every aspect of federal operations.

The Pentagon's emphasis on responsible AI — built on principles of equitable, traceable, reliable, governable and transparent usage — provides the right ethical framework. We understand that humans must remain in the loop for critical decisions, particularly those involving national security or individual rights. We've established governance structures and invested in quality, auditable data pipelines.

But here's what keeps CIOs and CISOs awake at night: all these careful preparations become meaningless if we can't secure the data during AI processing.

The decrypt-to-use vulnerability

Today's AI systems, including the increasingly popular Retrieval-Augmented Generation (RAG) models that federal agencies are deploying, have a fundamental security limitation. To analyze data, they must decrypt it first. This creates a vulnerability window where sensitive information sits exposed in memory and processing systems.

For classified defense data, this is often a complete showstopper. Legal teams won't approve AI analysis of intelligence data when the architecture requires decryption during processing. The same applies to healthcare data protected by HIPAA, financial records subject to compliance requirements or personally identifiable information covered by privacy laws.

Consider the implications: the Department of Defense collects vast amounts of operational data, but by my estimates, we use only about 5% of it on our best days. Of that small fraction, only about 25% reaches commanders in time to inform mission-critical decisions. If I told corporate executives they were throwing away 95% of their competitive advantage, they'd be terminated that day. Yet we are forced to slow down our AI usage because we lack secure methods to process sensitive data with AI.

This isn't just inefficiency; it's a national security risk. Our adversaries are aggressively deploying AI without the same ethical constraints or security concerns that rightfully slow our adoption. The country that can most effectively harness AI for intelligence analysis, operational planning and strategic decision-making will have significant advantages in future conflicts.

The RAG security challenge

Retrieval-Augmented Generation models present particularly acute security challenges. These systems combine large language models with organizational knowledge bases, allowing AI to provide contextually relevant responses based on proprietary or classified information. They're powerful tools for everything from policy analysis to technical support.

But RAG architectures require constant interaction between the AI model and data repositories. Every query triggers retrieval operations that pull sensitive information from storage, decrypt it for processing, generate results and ideally re-encrypt everything. Each step creates potential exposure points. Each handoff between systems represents a possible vulnerability.

Traditional encryption approaches — encrypt data at rest, decrypt for processing, re-encrypt for storage — simply don't work when AI systems need continuous, high-speed access to sensitive information. The decrypt-to-use model creates too many windows of vulnerability, and the performance overhead of constant encryption and decryption operations becomes prohibitive.

Federal agencies attempting to deploy RAG systems on classified or sensitive data face an impossible choice: either accept security risks that breach their compliance obligations, or forgo AI capabilities on the data where AI would provide the most value.

What's needed: processing without decryption

The solution requires a fundamentally different security architecture; one that enables AI processing on encrypted data without ever decrypting it. This isn't theoretical cryptography research; the underlying mathematics exists. What's needed is engineering that makes continuous encryption practical for real-world AI operations.

Such an architecture would allow RAG models to query encrypted databases, retrieve encrypted information, process it while encrypted and return results; all without creating those vulnerability windows that make security officers reject AI deployments. The encryption never comes off. The data is never exposed, even to the AI system itself.

This would unlock AI capabilities across government operations that are currently off-limits:

In defense and intelligence: Analysts could use AI to identify patterns across classified datasets, generate intelligence assessments and provide decision support; all while maintaining required security clearances for the data itself.

In healthcare: VA hospitals could deploy AI diagnostics and treatment recommendations using complete patient records, improving care quality without HIPAA violations.

In law enforcement: Investigators could leverage AI for case analysis and threat detection using sensitive criminal justice information that currently can't be processed by AI systems.

In financial oversight: Regulators could use AI to detect fraud patterns and compliance violations across sensitive financial data that institutions legally cannot decrypt for AI analysis.

Beyond technical solutions: cultural change

Technology alone won't solve this challenge. As I emphasized throughout my time at DOD, we need fundamental shifts in how government approaches risk management. Too often, "risk management" becomes a sophisticated way of saying "no" to innovation. We need to ban that reflex and focus instead on mission outcomes.

The right question isn't "How do we eliminate all risk?" It's "How do we enable critical capabilities while managing risks to acceptable levels?" For AI security, that means demanding encryption architectures that protect sensitive data throughout the AI processing lifecycle, not just when data sits idle in storage.

We also need acquisition reform that allows government to rapidly adopt innovative security solutions. It's absurd that a $500,000 contract costs the same to execute as a $2 billion program. Small companies developing breakthrough security technologies can't navigate our procurement bureaucracy. Meanwhile, adversaries move faster because they're unburdened by our process constraints.

The path forward

Federal agencies are making significant investments in AI infrastructure, training programs and governance frameworks. These investments will be wasted if we can't secure the sensitive data that AI needs to provide real value.

The good news is that solutions are emerging. Continuous encryption technologies that enable AI processing without decryption are moving from research labs to commercial availability. Forward-thinking agencies should be evaluating these capabilities now, running pilot programs and preparing their organizations for a security architecture that finally allows sensitive data and AI to work together.

The stakes are too high for incremental progress. Every month we wait to solve the RAG security challenge is another month where America's adversaries gain ground in the AI race. Every sensitive dataset that remains off-limits to AI is a missed opportunity for better decisions, faster response times and more effective government operations.

We built the responsible AI framework. We established governance structures. We invested in data quality. Now we need the security architecture that allows us to actually use AI on the data that matters most.

The technology to unleash AI across government operations exists. What we need now is the leadership commitment to demand it, the acquisition agility to procure it, and the cultural shift to deploy it. Our missions, and our national security, depend on it.

Terry Halvorsen served as Chief Information Officer at the U.S. Department of Defense from 2015-2017 and as CIO of the Department of the Navy. He currently serves as Vice President of Federal Client Development at IBM. He is a veteran Army intelligence officer who served during Operation Just Cause and Operation Desert Storm.

]]>

Inside the effort to connect Congress with the feds enacting its policies

Natalie Alms — Fri, 08 May 2026 08:00:00 -0400

Congress is flying blind on the effectiveness of the laws it creates.

That’s the thesis of a new project released last week by the POPVOX Foundation, a nonpartisan nonprofit, based on the input of 50 federal employees pushed out of their government jobs last year. The intent of this work was partly to gather insights on how policy implementation works in the executive branch and what barriers exist to effective government that lawmakers may not know about.

But it’s also about showing Capitol Hill what’s possible, said Anne Meeker, senior advisor for the POPVOX Foundation, which collaborated with the Niskanen Center, Civil Service Strong, the Partnership for Public Service and the Foundation for American Innovation on the work, called Departure Dialogues.

Communication between those making laws and those implementing them has been a problem for a long time, said Meeker, in part because federal employees doing the work aren’t usually authorized to go talk to Congress about what they may be dealing with as they turn statute into reality. That made last year a unique opportunity, as federal employees left the government en masse under the Trump administration's efforts to shrink the size of the federal workforce.

Typically, Congress’ current mechanisms for feedback from those closest to implementation in the government are limited. Hearings “are performative as often as they are informative,” the new report reads. Audits from the Government Accountability Office are usually retrospective, and congressionally-mandated reports are often compliance exercises.

Federal agencies have legislative affairs offices, but the information they transmit to Congress often gets filtered down to politics and top-level priorities, not the “program-level, operational oversights [of] what’s working, what’s breaking, what statutory language creates unnecessary friction,” the new report reads.

The hope is that Congress may replicate POPVOX’s process, or parts of it — including the use of AI to synthesize insights and surface patterns — so that experts have channels to communicate with lawmakers and their staff. For that reason, Departure Dialogues includes a methods report, in addition to a report on key findings and a legislative index.

One recommendation is for congressional committees to consider building structured input processes into reauthorization cycles or invite mid-level experts in for structured listening sessions.

As for what lawmakers may find if they take on the charge of hearing more from those in government agencies, one top takeaway Departure Dialogues found is that the accumulation of policies and requirements is making it difficult to get things done. Congress usually adds requirements, but it doesn’t take them away.

“One recurring challenge I encountered was the cumulative burden imposed by overlapping and sometimes conflicting legislative and reporting requirements associated with different funding streams,” Vikki Stein, who worked at the U.S. Agency for International Development for 30 years, told POPVOX.

“While each requirement was reasonable in itself, together they created inefficiencies that reduced our ability to focus on program effectiveness,” she continued. “This led to significant duplication of effort, diverting staff time and resources away from program monitoring, learning, and adaptation.”

Others told POPVOX that statutory language sometimes directly prevents them from achieving what Congress intended.

A common culprit: the Paperwork Reduction Act, a law created before the days of the internet that’s meant to reduce paperwork for Americans. Detractors say the law adds bureaucracy internally to those delivering government services who want to collect data like feedback meant to help ensure that government programs work well for people — but that it doesn’t ultimately always reduce burden on citizens the way it’s intended to.

Those writing the new report saw themes across workforce, contracting and internal communication: just as agencies and Congress are siloed, so too are agencies isolated from each other, and even teams within agencies are experiencing separation.

“The project was a little bit of an experiment to see if departing federal employees in this really politically tense moment were interested in participating,” Meeker said of the work.

“The response that we got … was really neat to see. We had so many folks really excited about this chance to say to Congress, like, ‘Look, forget the partisanship, forget the politics. This is just the one thing you need to know about how to make this program better,’” she continued. “That spirit of service was actually really kind of moving.”

]]>

US tech official calls for ‘transformational’ use of AI in scientific discovery

Edward Graham — Thu, 07 May 2026 16:50:00 -0400

The Trump administration sees greater incorporation of artificial intelligence capabilities into the scientific research space as critical for continued U.S. technology leadership, a White House official said on Thursday.

Speaking at the Special Competitive Studies Project’s AI+ Expo, U.S. Chief Technology Officer Ethan Klein said a major focus of this administration “is having better integration and tie-in across the scientific development piece, all the way through tech development, testing, prototyping and scale up.”

Klein said greater adoption of emerging capabilities like agentic AI — autonomous systems capable of executing specific tasks with minimal human oversight — will have a profound impact on scientific research. A Market Connections survey of more than 200 technology executives across government that was released on Tuesday found that 53% of respondents said their agencies were already exploring uses of agentic AI or were planning pilots of the technology.

“Across a broad swath of applications, but specifically for scientific discovery, I think agentic AI will be transformational,” said Klein, who also serves as an associate director of the White House Office of Science and Technology Policy.

Greater use of these capabilities, he said, would help to expand and enhance data collection and transform the types of experiments that can be conducted by researchers.

“I think that if we're able to actually deploy these agentic AI … agents across those workflows, they're going to see a great amount of scientific efficiency,” Klein added. "And that's incredibly important, because that underpins every one of these technologies that we're looking to develop.”

The Trump administration has already taken some steps to enhance nationwide research efforts by leveraging AI. The largest of these is the Genesis Mission, which was launched in November 2025 and seeks to further harness AI for scientific advancement.

Klein said the initiative will help bring “a bit of that muscle [when it comes to] incorporating that into the workflows that we know are going to bring forth this new era of AI-enabled scientific discovery.”

Thursday’s panel, however, was held amid ongoing concerns about how the Trump administration’s push to scale back government operations through layoffs and reductions in force is impacting research efforts.

Just last month, President Donald Trump dismissed all 22 members of the independent advisory board overseeing the National Science Foundation, which supports nationwide science and engineering research. Critics have said the purge — which comes as NSF still lacks a permanent director — will harm continued U.S. scientific leadership.

Editor’s note: Market Connections is a business division of GovExec, the parent company of Nextgov/FCW.

]]>

Pentagon will ‘never again’ rely on a single AI provider, official says

Alexandra Kelley — Thu, 07 May 2026 14:41:00 -0400

Leadership at the Pentagon reiterated the agency’s commitment to diversifying its artificial intelligence service providers, with Under Secretary of Defense for Research and Engineering Emil Michael taking the stage Thursday at an event in Washington, D.C., to stress that his department is never being “single-threaded with any one model.”

Speaking during the Special Competitive Studies Project’s AI+ Expo event, Michael said that the recent deals between eight leading AI developers and the Department of Defense are both a private sector statement of support for working with the government, as well as a step towards the Pentagon’s goal to diversify its tech stack with different providers.

“We were single-threaded on one vendor, one AI vendor at the Department of War, and to integrate into classified systems is not just putting your software on a public cloud and having it work,” Michael said, referring to his agency’s contract with Anthropic. “These are sophisticated, protective systems that take a lot of work to integrate on, so it wasn't like I could just turn on a few other models that easily. But never again we’ll be single-threaded with any one model.”

Michael continued to say that the new deals with Amazon Web Services, Google, Microsoft, NVIDIA, OpenAI, Reflection, Oracle and SpaceX are “a statement by the biggest tech companies in the world who are involved in the AI space … and have them say, ‘We support the Department of War, we support the U.S. government, and we support the… armed services for all lawful use cases.”

Michael’s comments come in the midst of an ongoing dispute between Anthropic and the Department of Defense following the company’s refusal to have its technology used in operations involving autonomous weaponry and American surveillance.

The fallout of that dispute resulted in the Pentagon designating Anthropic a supply chain risk and the White House ordering agencies to begin removing the company's products from their tech stacks. A judge put a hold on those actions in late March pending ongoing litigation over the government’s actions.

The release of Anthropic’s advanced cybersecurity-focused model, Mythos Preview, changed the discussion. Access to Mythos and its advanced capabilities for detecting cybersecurity flaws is tantalizing for the U.S. government, prompting internal drafts of policy plans that would enable some agencies to use Anthropic’s cutting-edge model.

Michael said that the advent of Mythos signals the forthcoming evolution of cyber-capable AI models.

“The Mythos moment is really a cyber moment, and it's: ‘How is the U.S. government going to deal with cyber?’” Michael said.

Major tech companies are responding to Michael’s drive to diversify the Pentagon’s vendor portfolio. Rand Waldron, the vice president of the Global Government Sector for Oracle Cloud Infrastructure, told Nextgov/FCW that Defense officials are asking cloud service providers like Oracle to prioritize interconnectedness in the effort to avoid vendor lock-in.

“From what I can see, the Department of War has some very savvy people who … don't want to go all in on one [model] because then six months later, they may need to go all in on another,” Waldron said.

He explained that there will likely be models that are more finely-tuned to particular use cases, such as code generation, data analytics, supply chain management or targeting in warfighter operations. One model from a single provider may not effectively serve each of these workflows.

“I don't believe that all those different use cases will end up being the exact same model at any given time,” Waldron said.

The Pentagon’s desire to expand the service offerings available for its workforce has precedent. Waldron said that DOD and the intelligence community have laid the foundation for a flexible approach to AI services acquisition, citing the creation of the Commercial Cloud Enterprise and Joint Warfighting Cloud Capability contracting vehicles as the blueprints for future contracting structure.

“It's not like they're trying to replace Anthropic with another model provider,” Waldron said. “They want to replace Anthropic with four model providers.”

]]>