From Pilot to Production: Operationalizing Healthcare GenAI in Secure Multicloud Environments

Posted on by
Reply

Healthcare organizations are under immense pressure to shrink margins, tighten regulations, improve patient expectations and utilize increasingly complex data environments. While generative artificial intelligence (GenAI) has emerged as a powerful tool, most healthcare systems still struggle to move from experimentation to measurable outcomes. Leaders are asking the same questions: Where do we start? How do we ensure security and compliance? How fast should the Return on Investment (ROI) appear?

The answer is not simply selecting a model, it is building a strategy and infrastructure that transforms AI from a promising pilot into an enterprise engine for clinical, operational and financial improvement.

Start With High-Impact Use Cases that Deliver Early ROI

The path to operationalizing GenAI begins with use cases that are narrow enough to implement quickly, but meaningful enough to prove value. Start where measurable gains are most attainable, such as document processing, contract review, claims analysis, compliance workflows and call center optimization.

One of the strongest early candidates is Protected Health Information (PHI) de-identification, where AI can accelerate research access while protecting privacy. Many organizations are also applying GenAI to claims review, using models to flag missing attachments, coding inconsistencies or errors that commonly drive costly denials. With first-pass denial rates hovering in the 17–25% range industry-wide, automating this analysis can generate immediate financial return.

These targeted wins build executive confidence, secure budget and create organizational momentum, which is critical before expanding to more complex clinical or patient-facing scenarios.

Build Trust by Grounding the Model in Your Own Data

Accuracy and trust determine whether healthcare AI is adopted or ignored. General-purpose models are not sufficient for healthcare, where language is deeply nuanced and context dependent. Instead, organizations should ground GenAI in their own governed data sources, such as Electronic Health Records (EHRs), Customer Relationship Management (CRM) platforms, care summaries, research documents or internal policies.

To achieve this, many leaders are adopting Retrieval-Augmented Generation (RAG) with vector databases, which allows models to pull precise information from internal systems in real time. Vector databases are a foundational accelerator, enabling faster, more accurate retrieval across structured and unstructured data. This approach delivers three business advantages:

  1. Higher accuracy and confidence in model responses
  2. Stronger control of PHI and sensitive data
  3. Traceability, which is essential for audits, appeals and clinical validation

Grounding the model in an organization’s own data turns GenAI from a creative tool into a trusted operational system.

Use a Secure Multicloud Strategy to Reduce Risk and Increase Agility

John Snow Labs, Operationalizing Healthcare GenAI blog, embedded image, 2025

To operationalize GenAI responsibly, healthcare organizations should design for security,compliance and flexibility from day one. When separating PHI and non-PHI workloads, a multicloud strategy helps healthcare organizations:

  • Isolate sensitive data to minimize breach impact and simplify governance
  • Reduce lock-in risk and leverage the strengths of different cloud platforms
  • Tap into more innovative options, since each cloud offers unique AI tooling
  • Optimize cost and performance by matching workloads to the right environment

Multicloud design also supports stronger compliance postures by enabling auditability, identity controls, monitoring and bias/hallucination safeguards, all of which must be proven to regulators and accrediting bodies.

Avoid “Pilot Purgatory” and Build a Path to Production

Many healthcare AI programs fail not because the technology underperforms, but because the organization never assigns ownership or a path to scale. To prevent “pilot purgatory,” short-term projects that drag on without measurable outcomes, organizations should:

  • Create a defined production roadmap before the pilot begins
  • Empower a cross-functional AI Center of Excellence (COE) to own outcomes
  • Secure both clinical and administrative stakeholders
  • Treat GenAI as an enterprise capability, not a one-off project

This shift enables the same investment to support multiple use cases, expanding impact while lowering cost per interaction over time.

Continuously Measure, Optimize and Expand

An operational GenAI program is never “set it and forget it.” It is important to continuously track Key Performance Indicators (KPIs) to guide optimization and justify expansion. Recommended KPIs include:

  • Cost per interaction
  • Accuracy and confidence
  • Time saved per task or workflow
  • Time to response (latency and model speed)
  • User satisfaction (providers, staff and patients)

By evaluating these metrics regularly, healthcare organizations can expand from early wins to enterprise scale, from research and development to patient support, revenue cycle, compliance and beyond.

Align People, Data and Infrastructure For AI Success

Technology alone is not the determining factor of AI success in the healthcare space, alignment is. Success requires a shared vision from leadership, responsible data groundwork, a secure multicloud foundation and continuous measurement to maintain trust and value. With the right approach, GenAI can improve patient satisfaction, strengthen trust, accelerate research and innovation, reduce administrative burden and deliver measurable ROI in weeks over years.

Carahsoft and John Snow Labs help healthcare leaders accelerate this journey, combining secure infrastructure, domain-specific healthcare AI and proven deployment models. To explore how your organization can operationalize GenAI safely and effectively, watch the full webinar, “Lessons Learned from Harnessing Healthcare Generative AI in a Hybrid Multi-Cloud Environment.”

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including John Snow Labs, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

How AI-Powered Records Management Transforms Government Operations from Reactive to Proactive

Posted on by
Reply

Government agencies today must manage an unprecedented volume of digital documents. As digital transformation accelerates across Federal, State and Local agencies, the challenge is not just managing more content, it is extracting actionable intelligence while maintaining compliance, security and operational efficiency. Artificial intelligence (AI) has transformed enterprise records management, replacing manual processes with automated, predictive systems that improve decision making and resource allocation across the mission.

AI-Powered Auto-Classification for Document Management

Effective classification is the foundation of records management, and AI has altered this traditionally complex process. Modern AI models can accurately classify structured documents like invoices or purchase orders, with as few as ten training examples. This represents a major improvement over legacy systems that required zonal Optical Character Recognition (OCR) configuration, separator pages and precise layout specifications.

AI models employ multiple techniques, including computer vision, text extraction and contextual reasoning, to identify document types with high confidence. Unlike older pattern-matching tools, today’s AI adapts to variations in structure and format, making classification scalable for agencies managing thousands of document types across different departments.

Training has also become more accessible. Agencies can simply label documents, point the AI to those examples and generate a working classification system. Accuracy improves over time through human review, and confidence scores allow agencies to set thresholds and route low-confidence results to human reviewers.

Accurate classification directly impacts record retention, access control and content discovery. Without it, employees cannot find necessary documents, retention schedules are misapplied and access permissions become inconsistent. Robust AI-powered classification at ingestion ensures downstream processes function as intended.

Intelligent Data Extraction from Structured and Unstructured Documents

Once documents are classified, agencies must extract meaningful information, an area where AI delivers transformative capabilities. Modern machine learning models locate key-value pairs anywhere on a document, using contextual understanding rather than fixed positions or label formats. AI can also answer natural-language queries, mirroring human logic. If a person can explain how they would find a piece of information, that logic can be written as a prompt for the model.

These capabilities work across structured and unstructured formats. Work that previously required specialized staff and years of experience can now be configured with simple prompts. Confidence scoring ensures accuracy. When the model is uncertain, items are routed to human reviewers. This combines automation’s speed and consistency with human judgment where needed.

For Government agencies, AI extraction improves compliance and reporting. Licensing applications, permit requests, inspection reports and countless other documents can be automatically processed, with extracted data populating systems of record and triggering workflows. Information once locked in PDFs or paper becomes structured, searchable and actionable.

AI-Driven Deduplication and Data Quality Management

VisualVault, AI-Powered Records Management blog, embedded image, 2025

Duplicate data is a productivity drain and a compliance risk. Redundant documents accumulate quickly across forwarded emails, multiple repositories and inconsistent processes. This creates unnecessary work, consumes storage and complicates compliance with data retention requirements.

Legacy deduplication relied on hash matching, but this fails to detect most real-world duplicates. AI-based deduplication analyzes document classifications and extracted metadata to determine true duplicates based on agency-defined rules. If the elements match according to customer rules, the system flags the items as duplicates regardless of differences in headers or formatting.

This content-based deduplication reduces storage costs, simplifies retention compliance and minimizes cybersecurity exposure. Retaining unnecessary data increases legal risk during litigation and discovery and expands the attack surface for cyber threats. AI allows agencies to retain only necessary data, reducing operational and security liabilities.

Enhanced Workflow Automation with Predictive Analytics

High-quality, classified and extracted data unlocks the full value of predictive analytics, enabling Government agencies to shift from reactive problem-solving to proactive planning. This capability uses historical data to predict outcomes, such as numeric values, binary decisions or multiclass classifications.

Platforms like VisualVault allow agencies to train predictive models without data science expertise. Professional services teams configure the models, demonstrate how they work and train agency employees to manage them.

Public sector agencies already use predictive analytics to forecast safety incidents at licensed facilities. Historical inspection data comprised of conditions, violations and corrective actions allows models to identify facilities with a high probability of future serious events. When inspections reveal patterns associated with increased risk, inspectors and licensing officials are automatically alerted, enabling early intervention.

Predictive analytics also strengthens performance management. Agencies can compare their metrics against industry norms, seeing where they stand within their sector. This supports investment decisions and enables precise tracking of improvement outcomes.

Agencies should focus on automating controls that meaningfully reduce, not simply increasing the percentage of automated controls. High-impact controls should be prioritized for automation and predictive monitoring to maximize security and operational benefits.

For decision makers, predictive analytics delivers the context and accuracy needed to make fast, informed decisions across claims, vendor management, resource allocation and strategic planning.

Digital Transformation as Organizational Necessity

Despite rapid technological advancement, human expertise remains essential. AI systems are designed to operate behind the scenes and do not require users to understand machine learning (ML) concepts. Small teams define the required outcomes, what must be classified, what data must be extracted and what predictions will improve decisions, while professional services configure the system accordingly.

AI adoption does not inherently reduce headcount. Historically, technology shifts transform jobs rather than eliminate them. Workflows move from manual tasks like sorting documents to higher-value work such as analysis, decision making and innovation. Employees focus on defining requirements, reviewing AI outputs and applying human judgement where it adds value.

The Measurable Value of AI Implementation

Agencies can begin their journey by identifying their key performance indicators and the business outcomes they want to improve:

  • What pain points cause the most friction?
  • Where do backlogs accumulate?
  • Which processes create the most risk?

This ensures implementation is tied to measurable outcomes. AI success depends on clear requirements, proper process, staff training and strong governance. Agencies should adopt AI incrementally, starting with high-value use cases that deliver quick wins, then expanding into more complex workflows and predictive models as confidence grows.

Digitization mandates and the rise of generative AI have accelerated content creation beyond expectations, driving significant growth for platforms like VisualVault. The agencies that succeed will be those that embrace this shift and modernize now.

Watch VisualVault’s webinar “Employing AI to Bring Order and Value to Enterprise Records Management” to explore detailed demonstrations of AI-powered classification, extraction and predictive analytics capabilities that can transform your agency’s records management operations.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including VisualVault, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

From Data Silos to Life-Saving Decisions: How Technology is Transforming Healthcare Delivery

Posted on by
Reply

Healthcare organizations continuously navigate complex challenges as patient demand grows. Imaging volumes are rising faster than radiology capacity can scale. Public health agencies manage vast amounts of data across disconnected systems. Administrative tasks consume time that healthcare staff would rather spend on patient care.

These operational realities create opportunities for technology to make a meaningful difference. Leading healthcare organizations are already transforming these challenges into improved outcomes through strategic technology deployments enabled by streamlined procurement.

As The Trusted IT Solutions Provider for the Healthcare Industry™, Carahsoft offers a robust portfolio of healthcare technology solutions that make positive changes in the quality, safety and effectiveness of healthcare delivery systems. Streamlined procurement is available through Carahsoft’s reseller partners and numerous contract vehicles including GSA Schedule, NASPO ValuePoint, E&I Cooperative Services and The Quilt.

Key Takeaways:

  • AI diagnostics improve radiology efficiently by up to 40% addressing the looming shortage of 42,000 radiologists by 2033.
  • Unified data platforms enable more than 80% of emergency departments to share real-time data with the CDC.
  • Automated workflows cut processing times by 50%, freeing staff for patient care.
  • Zero Trust security protects patient data while enabling hybrid cloud operations.
  • Streamlined procurement accelerates deployment from months to weeks.

AI-Powered Diagnostics: Addressing the Radiology Crisis

By 2023 the U.S. faces a shortage of up to 42,000 radiologists as imaging volumes rise 5% annually while residency positions increase just 2%.

At Northwestern Medicine, Dr. Mozziyar Etemadi, Clinical Director of Advanced Technologies, deployed a generative AI solution with Dell Technologies and NVIDIA that analyzes chest X-rays and generates draft reports instantaneously. Results: radiology efficiency improved by up to 40% without compromising diagnostic accuracy. The system flagged unexpected pneumothorax cases with 72.7% sensitivity and 99.9% specificity – lifesaving in emergency settings.

The technology runs on Dell PowerEdge XE9680 servers with NVIDIA H100 GPUs, deployed on premises to maintain HIPAA compliance. Northwestern is now developing predictive models for entire electronic records.

Public Health Surveillance: Rapid Outbreak Response

The CDC faced a critical challenge: essential health data trapped in disconnected silos across thousands of facilities.

The CDC’s partnership with Cloudera created a unified platform consolidating data from hospitals, laboratories and wastewater testing sites. More than 80% of non-federal emergency departments now send data to CDC, enabling comprehensive threat monitoring. When measles spiked across 15 states in 2025, officials had integrated visualizations within days.

The CDC’s One CDC Data Platform (1CDP), established in 2024, provides state, tribal, local and territorial agencies with streamlined access to core datasets and analytics, enabling faster disease trend detection and proactive strategies.

Accelerating Cancer Research Collaboration

The National Cancer Institute partnered with Google Cloud and Barnacle AI to introduce NanCI – a platform leveraging AI-driven recommendations to connect researchers with collaboration opportunities, literature and events. The solution demonstrates how AI extends beyond clinical care to accelerate scientific discovery across Government, Education and Healthcare sectors.

Operational Excellence: Freeing Caregivers to Care

Workforce coordination: Healthcare organizations use BlackBerry AtHoc, available through Carahsoft’s reseller network and contract vehicles, to streamline staffing and scheduling processes. The event management platform helps ensure personnel are coordinated efficiently across departments which is essential for maintaining high standards of patient care.

Financial automation: Community Health Centers of Florida implemented Laserfiche’s enterprise content management system, cutting processing time by 50% and eliminating manual data entry. “I cannot fathom processing the current volume of invoices ‘the old way,’” said Dee Bradshaw, director of purchasing. “Laserfiche has cut our processing time in half.”

Every hour freed from administrative burdens is an hour caregivers get back to spend with their patients.

Modern, Secure Infrastructure

California Department of State Hospitals deployed Rubrik’s data management platform to integrate legacy systems with modern hybrid cloud environments. Rubrik’s Zero Trust Data Security framework minimized ransomware vulnerability while ensuring Federal compliance.  

St. Luke’s University Healthcare Network used Rubrik for faster backups, near-instant recovery and seamless hybrid IT integration, strengthening cyber defenses while freeing IT staff to support clinical teams.

Federal agencies, State and Local Governments and Education institutions face similar Zero Trust security and hybrid cloud integration requirements.

Explore Carahsoft’s cybersecurity solutions at www.carahsoft.com/solve/cybersecurity.

Meeting Demand at Scale

NYC Health + Hospitals deployed Snowflake’s Data Cloud which consolidated separate data sources into a unified platform. This integration eradicated silos, provided real-time visibility and enabled data-driven decisions at the point of care for vulnerable populations.

The Carahsoft Advantage

For Healthcare Organizations: Faster access to solutions, simplified procurement through pre-negotiated contracts, integrated solutions across technology verticals, dedicated healthcare technology expertise. Simplify your organization’s procurement journey with Carahsoft.

For Reseller Partners: Opportunities to deliver comprehensive solutions, access to leading vendors through established contract vehicles, sales enablement and marketing support. Become a Carahsoft reseller partner.

For Technology Vendors: Expanded reach across Federal, State and Local Government, Education and Healthcare markets, simplified Healthcare sales through hundreds of contract vehicles. Join our partner ecosystem.

Ready to explore healthcare technology solutions?

Understanding CMMC: A Roadmap for Federal Contractors

Posted on by
Reply

The Department of Defense (DoD) recently announced new cybersecurity compliance mandates for contractors and subcontractors in the DoD’s supply chain. Private companies that process, store or transmit DoD data are now required to comply with the Cybersecurity Maturity Model Certification, or CMMC.

The new mandate impacts every private company that handles Federal Contract Information (FCI) or Controlled Unclassified Information (CUI). That’s a large group: According to the DoD’s own estimation, at least 220,000 private companies currently have access to FCI and CUI and require CMMC certification.

Because the CMMC is relatively new, some organizations may be struggling to understand their obligations. Learn more about exactly what the CMMC is and what steps organizations should take right now to be prepared for audits and remain eligible for DoD contracts.

What Is CMMC?

CMMC is the cybersecurity compliance structure used by the Department of Defense. High-profile security breaches like Solar Winds highlighted the need for rigorous data protection throughout the DoD supply chain. The DoD implements the CMMC framework to vet potential contractors and subcontractors and protect against third-party data breaches.

There are three CMMC certification levels: 1, 2 and 3. The different levels correspond to the degree of sensitive information being handled. All companies that contract with DoD need to have at least Level 1 CMMC, while companies that handle more sensitive information will need to have Level 2 or Level 3 cybersecurity compliance certifications.

Recent Changes to CMMC

The CMMC has recently undergone some amendments. An older version of the CMMC, or CMMC 1.0, was implemented in 2019. The new version, CMMC 2.0, came into effect at the end of 2024.

Contractors must now comply with CMMC 2.0, although implementation is taking place in stages. For any organization contracting with the Defense Department, the most important takeaway is that you absolutely must be CMMC compliant to continue working with the Department.

What Level of CMMC Certification Do You Need?

If your organization handles any FCI or CUI, you’ll need CMMC certification. Which level is right for you? You can’t know for certain until you apply for a contract, as there is some variation from one external contract to another.

However, you can make an educated guess about the certification you’ll need. The DoD’s Scoping and Assessment Guide also provides more detail about the standards for each level.

Level 1 CMMC

Level 1 is the most straightforward CMMC certification. It doesn’t require third-party auditing; contractors do a self-assessment to get the certification.

Level 1 is usually appropriate for contractors who handle FCI material and nothing else. FCI is unclassified Government information that isn’t publicly available. Details about Government employees or facilities, for example, might be categorized as FCI. Although the information is sensitive, it is not considered critical enough to require the extra protection of a Level 2 or Level 3 certification.

Level 2 CMMC

If your organization handles both CUI and FCI, you will probably require Level 2 CMMC certification.

In many cases, Level 2 certification is straightforward and can be achieved through a self-certification process. However, in some cases you will need to pass a third-party audit for Level 2 certification. The procedure depends on the sensitivity of the data you’ll be handling. The more sensitive the information, the more precautions the DoD puts in place to prevent a potentially disastrous security breach.

Level 3 CMMC

Level 3 CMMC is the most serious and the most difficult certification to obtain. If your organization routinely handles both CUI and FCI and also deals with material that impacts DoD operations, then you may need this certification.

Level 3 CMMC mandates stricter protections than the other two certification levels. It’s required in cases where a data breach could create widespread problems for the Department of Defense, or even for national security.

To obtain Level 3 CMMC certification, you must undergo a Government audit. The Government will thoroughly assess your security system and determine whether it meets the appropriate standards for certification.

What Is the Cybersecurity Compliance Timeline?

CMMC 2.0 came into effect in December 2024. From that date on, organizations working with the Department of Defense are mandated to begin implementing CMMC compliance according to a 4-phase plan.

Phase 1

This stage began in December 2024, as soon as CMMC 2.0 came into effect. During Phase 1, prospective new DoD contractors are required to conduct a self-assessment to ensure cybersecurity compliance according to Level 1 or 2 CMMC. Phase 1 requirements went into effect November 10, 2025.

Phase 2

The full Level 2 standard comes into effect in November 2026, ushering in Phase 2 of CMMC 2.0. At this stage, contractors are subject to third-party audits to ensure cybersecurity compliance with Level 2 and Level 3 certification.

Phase 3

Phase 3 is set to begin in November 2027. At that time, organizations that handle the most sensitive data will be mandated to undergo a Government-run security audit to ensure compliance with Level 3 CMMC certification.

Phase 4

In November 2028, all new defense contracts will contain language stipulating the CMMC level requirement.

What Steps Should You Take To Comply with the CMMC?

Cybersecurity compliance is fairly straightforward and can be broken down into a few key steps.

Step One: Preparation

Determine which certification level is appropriate for your organization and its needs. Begin by deciding which contracts you’d like to apply for, and use the contracts to decide the appropriate certification level.

Remember that it’s always a good idea to aim for the lowest appropriate certification level, as higher levels are more difficult to obtain. If you are not dealing with highly sensitive data, it’s not worth trying to obtain the Level 3 certification.

Step Two: Internal Assessment

Conduct a preliminary assessment of your organization, analyzing where you will need to make changes to achieve cybersecurity compliance.

It’s good practice to do this in two stages. First, complete a self-assessment. Next, check your assessment with an objective source.

Step Three: Third-Party Audit

If you’re working towards Level 2 or Level 3 certification, you’ll need to be audited, either by an approved third-party auditor or by the Government. The CMMC marketplace makes it easy to set up the assessment. Again, you should first perform a self-assessment to make sure that you’ve addressed any shortfalls in your organization before you undergo this audit.

Step Four: Course Correction

The audit may reveal deficiencies in your security system. If so, you may be granted time to correct these deficiencies and still successfully apply for your CMMC certification.

Once you receive your CMMC certification, you’ll need to renew it once a year to confirm that your organization is keeping up with DoD best practices for cybersecurity.

Get Started With the CMMC Certification Process

Artificial Intelligence and Cybersecurity: A Federal Perspective

Posted on by
Reply

As artificial intelligence (AI) continues to expand across Government operations, Federal agencies must integrate advanced AI technology to strengthen cybersecurity while staying ahead of new cyber threats. This is especially crucial in environments where critical systems, personally identifiable information (PII), and critical infrastructure are constantly targeted by sophisticated adversaries.

AI is a double-edged sword. Malicious actors now use machine learning techniques, deep learning and generative AI to scale cyberattacks at unprecedented speed. At the same time, security teams are successfully deploying advanced AI algorithms, security tools and threat intelligence to detect, defend and respond faster. Striking the right balance is essential for Federal leaders responsible for safeguarding national interests.

In this article, we’ll talk about how to find the right balance between exploiting AI’s capabilities and guarding against the risks. We’ll also explore the specific threats agencies face today, and discuss how AI can help by automating risk management.

The Growing Cybersecurity Challenge

Ransomware, large-scale phishing campaigns and deepfake social engineering attacks are accelerating due to advancements in AI systems and large language models (LLMs). Cybercriminals can cast a wider net than ever before, with little effort and at a low cost to themselves, especially when targeting critical infrastructure and Federal systems.

Increased Threats

It’s worth noting that even benign AI applications are paving the way for more cyber events. When Government agencies adopt AI tools, they automatically expand their networks and their “attack surfaces,” requiring new security measures and stronger vulnerability assessment practices.

AI’s automation and speed enable large-scale attacks. AI can rapidly scan and scrape online databases and analyze network traffic, looking for potential targets to attack. Hackers can use AI’s no-code automation capabilities to create the code for malware at high speed, and to send out phishing emails at a larger scale than ever before. AI’s natural language processing (NLP) capabilities allow it to create credible “deepfake” video and audio at high speed, as well.

The vast majority of these attacks are unsuccessful, but it only takes one careless end user to click a bad link to a malicious website, or to click a link that triggers a domain blocking failure. That’s why it’s so important for security teams to be on their guard. Fortunately, AI tools can also help. Just as no-code automation helps hackers, it also helps agencies protect themselves against threats.

Leveraging AI Tools To Fight Cyberattacks

The same capabilities that can make AI useful for hackers also make it a great tool in fighting cyber threats. Automation, speed and the ability to identify patterns are all invaluable for countering online threats.

Using AI to Identify Phishing Attacks

AI excels at assisting with phishing detection. AI and Machine Learning (ML) tools can quickly “read” incoming emails and texts and scan them for telltale signs of danger, like unusual sender addresses. AI’s natural language processing capabilities also help. NLP tools scan incoming messages for unusual phrasing or a strange tone, which might indicate a phishing attack.

Most spam folders are powered by AI and ML tools. These tools are constantly learning on the job, too. Whenever you mark an incoming email “spam,” your software learns a little more about what you consider to be spam. Going forward, it incorporates that information into its workflow.

Using AI To Scan for Malware

AI-powered antivirus tools scan for malware more effectively than older antivirus detection systems. The AI software scans and analyzes huge quantities of data in network traffic and system logs to identify patterns that could indicate a virus. Because deep learning models are so good at identifying patterns and spotting anomalies, it can often spot new viruses early on.

Older antivirus software relies on known viral signatures. While useful, these tools can’t keep up with new threats evolving through AI algorithms. That’s the AI difference: predictive pattern detection supports proactive cybersecurity solutions and strengthens incident response.

Using AI To Identify Threats From Within

AI can help to spot attacks from within. The software establishes a baseline of user behavior, like normal login hours and normal patterns of data access. When there’s a change in that baseline, the AI tool flags it for further investigation.

AI looks for changes like unusual activity outside of a team member’s normal working hours or location-based aberrations. For example, if a member of your team normally logs in at 9 a.m. and out at 5 p.m., the AI tool will notice if they start logging in again at midnight to download files. Even if they have authorization to view that information, it’s worth asking why they suddenly need to access it at an unusual time. In the same vein, further review may be warranted if an employee views a record from an atypical IP address.

Using AI To Actively Fight Threats

Beyond identifying cyber threats, AI tools can proactively defend systems. They block or isolate compromised devices, enforce malicious domain blocking, apply system patches and notify security teams of attempted attacks.

AI-backed incident response workflows reduce the spread of malware and help protect the network even when one endpoint is compromised.

Exercising Precaution: Building Guardrails for AI

AI is a valuable tool for fighting cyber threats. However, it’s important to protect your network and end users against AI’s natural pitfalls. Federal agencies have a special responsibility to install guardrails in accordance with the relevant regulations and guidelines.

AI guardrails ensure that the technology behaves according to ethical standards, avoiding bias and making appropriate use of sensitive data. To some extent, AI itself can create guidelines. Generative AI tools can routinely scan for ethical problems and alert managers to any new issues.

However, human oversight remains crucial, and agencies should appoint managers to be directly accountable for AI supervision. The NIST AI Risk Management Framework provides detailed guidance for managers and anyone else involved in managing AI guardrails.

Making the Best Use of AI

Government agencies can’t turn their backs on AI. The technology offers too many benefits to stop using it. However, leaders must be aware that expanding AI also opens them up to greater threats. It’s also critical to be alert to the many dangers posed by AI-enabled cyberattacks.

The first step? Inform yourself about how AI can impact your agency. To get started, learn about AI integration into GRC today.

The Process-Oriented View: CISO Visibility During an OT Attack

Posted on by
Reply

When a cyber incident occurs in an operational technology (OT) environment, understanding what is actually happening can become difficult. Control systems may continue to display normal readings even if attackers have begun manipulating logic or feedback within Programmable Logic Controllers (PLCs) or Human-Machine Interfaces (HMIs). Operators see stable values while underlying conditions start to diverge from what is shown on screen.

If process data at the controller level is falsified, every connected monitoring and cybersecurity tool reflects the same false picture. At that point, the Chief Information Security Officer (CISO) and operations team lose reliable visibility into the physical process that underpins production and safety.

The choices that follow each carry risk:

  • Shutting down operations may prevent escalation but could also cause costly downtime if the intrusion is contained to the network.
  • Continuing to operate may expose critical assets to damage if the manipulation extends to the process layer.

A recent cyber event at Norway’s Risevatnet dam illustrates this limitation.
During the incident, operators lost visibility into parts of the control system, yet intrusion detection and monitoring tools reported no anomalies. The breach was discovered only when on-site personnel noticed irregular behavior in equipment operations.

This outcome speaks to a broader issue in OT cybersecurity. Network-based detection tools can confirm whether communication channels are functioning, but they cannot independently verify whether the process data itself is genuine.  If attackers manipulate information within PLCs or HMIs, every connected dashboard, alarm and analytic layer reflects the same falsified values. In effect, the system becomes blind at the moment visibility is most needed.

The Risevatnet case shows how quickly a cybersecurity failure can become an operational one. When control room data appears normal, incident response slows and decisions depend on incomplete or misleading information. Without a way to validate what is happening at the physical process level, teams must rely on manual observation or external cues, a reactive approach that offers no real protection in complex or distributed environments.

SIGA’s SigaML², available through Carahsoft, addresses this visibility gap by providing an independent, out-of-band view of the industrial process. The system collects unfiltered electrical signals directly from field I/Os (data that cannot be spoofed or altered) and applies multi-level analytics across Purdue Levels 0–4 to detect anomalies and false-data injections in real time.

Its components work together to create an evidence-based view of the process:

  1. SigaGuard sensors capture raw electrical data directly from equipment.
  2. SigaGuardX software correlates Level 0-4 information to identify inconsistencies and possible manipulations.
  3. S-PAS simulation tools allow cybersecurity and operations teams to rehearse attack scenarios and refine incident response playbooks.

These capabilities give CISOs and plant operators verifiable insight during an active incident, helping determine whether an event is operational or cyber in nature and guiding containment or recovery actions.

Regulatory frameworks including Network and Information Security Directive 2 (NIS2), Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) and the latest National Institute of Standards and Technology (NIST) guidance highlight the importance of process-level monitoring and validation.

As oversight expands, CISOs and plant operators are expected to provide verifiable evidence of what occurred during an event, more than network logs or alarms.
Meeting that requirement depends on having data sources that remain trustworthy even when control networks are compromised.

SigaML² provides that capability, giving security and operations teams a direct, unaltered view of the physical process when clarity matters most.

Explore how SIGA’s cyber-physical security solutions empower CISOs with greater visibility during OT attacks. Visit Carahsoft’s SIGA solutions page to discover how your agency can enhance its infrastructure resilience.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SIGA, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

From Compliance to Capability: Key Insights from CS5 CMMC Global Conference 2025

Posted on by
Reply

The CS5 CMMC Global Conference 2025, the official conference of The Cyber AB, brought together more than 1,000 senior leaders from the Department of War (DOW), the Cyber AB, Federal agencies and the broader Defense Industrial Base (DIB) in Washington, D.C. The conference served as the essential gathering for defense contractors and DIB suppliers to chart the next phase of Cybersecurity Maturity Model Certification (CMMC) implementation, cyber resilience and supply chain security.  Speakers explored key themes, including:

  • CMMC’s Next Phase: Turning Compliance into Capability and Defending the Digital Nation
  • AI-Driven Compliance
  • Driving Operational Excellence through Documentation
  • Combat Readiness: Scaling Across the Defense Ecosystem
  • Strengthening Supply Chain Resilience

CMMC’s Next Phase

Turning Compliance into Capability

CMMC’s next phase represents precision in action and marks a national shift from policy compliance to operational defense. The United States now views information security as a foundational element of national defense. Safeguarding Controlled Unclassified Information (CUI), whether technical information, operational intelligence or logistical data, is inseparable from mission readiness and warfighter support. The DIB now operates as the digital frontline of national security, where compliance is no longer optional but an essential layer of protection.

Defending the Digital Nation

Contractors demonstrate that they not only meet Federal requirements but also actively share the responsibility of defending the nation’s digital infrastructure. CMMC represents both a compliance framework and a patriotic commitment to protecting critical information, ensuring that data remains secure in an era where proximity to the battlefield no longer determines risk.

AI-Driven Compliance

Artificial Intelligence is transforming the CMMC landscape by acting as a force multiplier for speed, accuracy and operational efficiency. Across the Defense Industrial Base, AI-enabled tools are drafting policies, tagging evidence, detecting anomalies and summarizing documentation that once required extensive manual effort. Large language models (LLMs) can rapidly produce preliminary content that validates cybersecurity readiness and synthesizes complex data, enabling DIB contractors to prepare security readiness at scale. Speakers emphasized the need for human oversight to ensure that AI-generated output is validated and aligned with compliance integrity, as automation without governance creates new vulnerabilities. In practice, organizations should leverage AI to enhance efficiency and maintain traceable audit trails, while reserving decision-making, evidence validation and risk assessment for qualified staff. 

When implemented responsibly, AI enables a balanced model of collaboration between human expertise and machine efficiency, accelerating readiness without compromising accountability or security.

Driving Operational Excellence through Documentation

Governance, Risk and Compliance (GRC) platforms serve as key accelerators by automating version controls, maintaining audit trails, centralizing repositories and linking policies directly to evidence. Updating documentation frequently ensures team alignment and simplifies compliance upkeep as levels role out and evaluations are conducted. Embedding documentation into corporate culture ensures long-term sustainability and empowers teams to focus on meaningful security efforts rather than reactive updates.

Best Practices:

  • Automate version controls and standardizes templates to ensure consistency
  • Use GRC systems to consolidate documentation and eliminate silos
  • Treat documentation as continuous validation: write it, organize it and prove it
  • Integrate compliance reviews into routine workflows to sustain readiness and confidence

Combat Readiness: Scaling Across the Defense Ecosystem

The official enforcement of Title 48 of the Code of Federal Regulations on November 10, 2025, will operationalize CMMC as a mandatory requirement for Federal contracts, transforming cybersecurity from a best practice into an enforceable procurement standard across the DIB.

As CMMC Phase 1 begins, compliance must be achievable and affordable, particularly for small and mid-sized contractors that anchor the defense supply chain. Organizations should use this time to budget to train and develop strategies for compliance, leveraging hyperscalers and automation to accelerate readiness. Speakers emphasized that scalable readiness, supported by harmonized frameworks and the reduction of overlapping requirements, is critical to sustaining momentum toward full certification.

Early preparation is essential, as a limited number of assessors may create scheduling delays once enforcement expands. Companies that act now by documenting, training and aligning their operations with Federal standards will not only meet compliance expectations but also reinforce their resilience, competitiveness and commitment to securing the nation’s defense ecosystem.

Strengthening Supply Chain Resilience

High-profile cyber intrusions reaffirmed a simple truth: supply chain security is the foundation of national security. Every organization must know what it protects, how it protects it and how that protection is verified through certification. Compliance is no longer just a cost of doing business; it is both a competitive advantage and a national defense imperative. Contractors should prepare their teams to understand eligibility requirements, strengthen internal controls and treat certification as an investment in long-term success. By embedding compliance into corporate culture and operational workflows, companies not only safeguard data but also enhance brand credibility, reduce systemic risk and ensure continuity of operations across the DIB.

Each contractor that fortifies its cyber posture strengthens the resilience of the entire supply chain because securing the DIB is securing the nation.

How Carahsoft Can Help

Whether your organization is preparing for its first CMMC assessment or advancing its cybersecurity maturity, there are continuous opportunities to strengthen readiness and collaboration across the Defense Industrial Base.

Explore CMMC Resources

Visit Carahsoft’s CMMC page to access compliance guides, vendor solutions and educational content designed to support Defense Industrial Base organizations at every maturity level. From understanding capability domains to preparing for assessments, our resources help organizations make informed decisions throughout their CMMC journey.

Download our comprehensive Cybersecurity Maturity Model Certification Framework Guide to understand the requirements, assessment processes and best practices for achieving CMMC compliance across all maturity levels.

Connect with CMMC Experts

Gaining CMMC compliance can be a complex and time-consuming process, but Carahsoft can guide your organization through every stage. Partnered with more than 200 cybersecurity vendors, Carahsoft connects DIB organizations with the right technologies, service providers and experts to address every maturity level and capability domain.

Contact the Carahsoft Team at (888) 662-2724 or CMMC@carahsoft.com to discuss your organization’s specific compliance needs and discover tailored solutions from our network of cybersecurity partners.

Attend Upcoming CMMC Events

Stay informed on the latest CMMC developments through Carahsoft-hosted workshops, webinars and training sessions. Through our network of partners, policy insights and educational events, Carahsoft helps organizations advance their cybersecurity maturity and meet evolving compliance requirements. Register to receive updates on upcoming CMMC-focused events and training opportunities.

Building the Future of Higher Education Through Strategic Partnerships

Posted on by
Reply

After more than 20 years of simplifying and facilitating technology procurement for higher education institutions, Carahsoft has developed a unique perspective: the greatest opportunities for innovation emerge when technology providers and campus leaders work together strategically, not just transactionally. Today’s most successful higher education IT initiatives share a common thread — they’re built on partnerships that align institutional needs with provider capabilities from the start.

This collaborative approach is transforming how campuses modernize infrastructure, strengthen cybersecurity and enable research excellence. Here’s what we’ve learned about building partnerships that deliver measurable results.

Understanding the Higher Education Technology Landscape

Campus CIOs are leading one of the most exciting periods of transformation in higher education history. The integration of Artificial Intelligence, machine learning and advanced analytics is opening new possibilities for research, student success and operational efficiency. At the same time, institutions are successfully navigating budget optimization, evolving institutional priorities and the ongoing need to strengthen cybersecurity posture.

From our vantage point as a Public Sector distributor working with hundreds of technology providers, resellers, implementation partners and thousands of institutions, we see tremendous momentum. Campuses are successfully deploying innovative solutions. Providers are developing platforms specifically designed for the unique needs of higher education. The opportunity now is to accelerate this progress through stronger collaboration and shared service.

What Campus Leaders Need to Succeed:

The most effective technology investments share common characteristics. They align with institutional strategy while delivering quick return on investment. They address current staffing realities rather than requiring extensive internal expertise. They integrate seamlessly with existing systems and workflows. Most importantly, they come with implementation support that helps institutions realize value quickly.

What Technology Providers Understand:

Leading providers recognize that higher education is a diverse marketplace with unique needs across institutions. A comprehensive research university has different needs than a liberal arts college or community college system. Successful vendors tailor their offerings to match institutional capacity which provides modular implementations that can scale over time as budgets and expertise grow.

Carahsoft’s Unique Position in Higher Education Technology

Our role as The Trusted Education IT Solutions Provider® and a Public Sector distributor gives us a distinctive perspective that benefits both institutions and providers. We facilitate numerous higher education technology transactions annually through cooperative contracts like OMNIA Partners, NASPO ValuePoint, The Quilt, E&I Cooperative Services and Internet2. This position allows us to see patterns and opportunities that emerge across the entire ecosystem.

View Carahsoft’s comprehensive suite of EdTech Contracts.

Operational Intelligence That Drives Better Outcomes:

Through more than two decades of higher education partnerships, we’ve developed deep knowledge of what drives successful technology adoption. We understand which contract vehicles institutions prefer and why. We know which implementation approaches deliver the fastest time-to-value. We’ve seen which vendor partnerships create the most sustainable long-term relationships.

This intelligence allows us to facilitate introductions and partnerships with a high probability of success. When a campus CIO describes their modernization goals, we can connect them with providers who have delivered similar outcomes for comparable institutions or state systems. When a technology provider wants to expand in higher education, we can share insights about institutional priorities, procurement preferences and implementation best practices.

Portfolio Breadth Enables Better Solutions:

Carahsoft’s portfolio spans Cybersecurity, Artificial Intelligence, MultiCloud, DevSecOps, analytics, identity management and more. This breadth enables us to help institutions build integrated solutions rather than purchasing point products. We can facilitate “Better Together” approaches where complementary technologies from multiple vendors create more comprehensive capabilities.

Accelerating Success Through Strategic Collaboration

Streamlined Procurement Accelerates Deployment:

Higher education institutions can access pre-negotiated pricing and state specific terms through cooperative contracts, satisfying lengthy RFP requirements and negotiations with vendors. This allows IT teams to focus resources on implementation and adoption rather than procurement administration.

Learn more about Carahsoft’s education contract vehicles and how they simplify procurement for your institution.

Implementation Support Addresses Resource Constraints:

Through Carahsoft’s reseller network, institutions can access partners who specialize in higher education deployments. These partners offer managed services, implementation support and ongoing optimization that address staffing challenges. This allows campuses to deploy more sophisticated solutions than internal resources alone would permit.

The Path Forward: Partnership as Strategy

As the higher education technology landscape continues to evolve, the institutions and providers that thrive will be those who embrace strategic partnership as a core operating principle. For campus leaders, this means viewing technology procurement not as a transaction but as relationship-building. For technology providers, this means investing in deep understanding of higher education operations, budget cycles and institutional priorities.

Carahsoft and our reseller partner are committed to facilitating these strategic partnerships. Our team of higher education specialists brings decades of combined experience in both campus IT operations and technology provider relationships. Together, we can ensure that every institution has access to innovative solutions that enable research excellence, student success and operational efficiency.

Ready to explore strategic technology partnerships for your institution? Contact Carahsoft’s higher education team to discuss your modernization goals and discover solutions tailored to your needs.

Technology providers seeking to expand in higher education? Connect with our team to learn how Carahsoft can accelerate your growth through strategic partnerships and streamlined procurement.

Top 5 Insights from IACP Annual 2025 

Posted on by
Reply

The 2025 International Association of Chiefs of Police (IACP) Annual conference served as a premier gathering for law enforcement and partners to share the latest in technology and industry solutions.

Carahsoft and its partners attended to connect on the latest in law enforcement technology.  

Five key themes stood out throughout the sessions:  

1. AI-Assisted Investigations 

In the session “The AI-Powered Investigator: Surfacing Insights in Law Enforcement,” speaker Jeremy Peterson presented on leveraging artificial intelligence (AI) to enhance law enforcement investigations while maintaining compliance and auditability. While AI offers tremendous potential for supercharging investigations, its function as a “black box” means it lacks the transparency required in regulated environments. With the use of multiple specialized AI agents, law enforcement can utilize guardrails and clear audit trails for working within structured workflows, rather than relying on a single generic AI. In one case study, Special Agent Isabella Rossi investigated a multi-state burglary operation, where AI identified connections between stolen crypto-mining hardware and a warehouse fire, helped draft legal documents like subpoenas and generated lookout alerts. Solutions from industry innovators such as Veritone and Tranquility AI are already helping agencies put these concepts into practice, offering AI-powered tools that enable law enforcement agencies to rapidly analyze data and tailor solutions to their specific workflows, expediting investigation processes.

2. Protecting Officers Through Drones 

In the panel “Don’t Let Them Go in Blind: Evolving Drones as First Responders to Protect Every Patrol Officer,” speakers discussed the role of comprehensive Drones as First Responders (DFR) for law enforcement. DFR designed with public safety in mind effectively address critical challenges in the field, including staffing shortages, response times and officer safety. Outdoor DFR systems, which are currently operational across multiple jurisdictions with multiple docks per city responding to thousands of monthly calls, have demonstrated the ability to arrive on scene in under two minutes, reduce crime through rapid visual documentation, decrease use of force incidents and clear 20-40% of calls without officer dispatch. New indoor drones address the situational awareness gap that occurs when officers enter buildings, providing capabilities for confined space navigation, perching for up to three hours, two-way communication replacing traditional throw phones, 4K night vision and obstacle avoidance technology. They are all deployable within 30 seconds from a patrol vehicle. The new technology offers remote piloting, freeing officers to focus on incident command rather than drone operation. 

3. Instant Translation with AI Services 

At the panel “Enhancing Emergency Communications with an End-to-End AI Assistive Platform,” speaker Brad Flanagan, Prepared’s Public Safety Answering Point (PSAP) Ambassador, discussed how AI-powered platforms are improving the efficiency of for 911 emergency call centers by providing comprehensive support and incident resolution. Translation-based AI systems, such as those created by Prepared and Hyper, offer real-time language interpretation in over 240 languages through text, automatic transcription and AI agent conferencing, significantly reducing wait times for interpreters and improving emergency response, including instances where cardiac arrests and domestic violence situations were handled more effectively. The platform consolidates multiple location verification systems into a single interface, reducing address errors from six per month to a timeframe of six months, despite having less experienced staff. AI translators enable rapid incident review and reporting by automatically organizing call recordings, radio traffic and transcripts, reducing review time. The current system includes AI-assisted call triage during high-volume situations, post-call performance analysis within two minutes, live guidance for call-takers on protocol-specific questions and training simulations for staff development. AI platforms provide field responders and administrators with real-time data insights and analytics to improve emergency response quality and efficiency. 

4. Cybersecurity in the Modern Age 

During the session “Cyber Threats to Critical Communications Systems,” speaker Travis Randall discussed the evolving cybersecurity threats that Public Safety organizations face. Agencies are increasingly vulnerable due to their combination of sensitive data and critical high-availability systems, such as dispatch, 911 and radio networks. The primary threat is ransomware groups, who often operate through a sophisticated criminal ecosystem of developers, affiliates and access brokers, conducting attacks at scale that have significantly disrupted emergency communications. Randall details how these attacks typically exploit valid credentials, unpatched vulnerabilities, misconfigured VPNs and weak access controls to compromise networks, often using legitimate system tools rather than obvious malware to evade detection. To stay on top of ransomware groups, agencies must employ essential defensive measures like offline backups, multi-factor authentication, privilege management, vulnerability patching and continuous network monitoring.  

5. Improving Awareness with Real-Time Crime Centers 

In the session “Real-Time Crime Centers: A Real Possibility for Small and Midsize Agencies,” speakers Chris Henningsen, President at the National Real Time Crime Center Association, and Chris Settle, Police Chief of Culpeper Police Department, discussed the operation of real-time crime centers. The speakers emphasize that real-time centers serve as technology hubs providing situational awareness and acting as force multipliers during staffing shortages, are attainable for agencies of all sizes. Centers can start small with minimal resources, such as a computer, radio and analyst, and scale over time based on demonstrated successes and measurable outcomes. Key components include integrating existing resources like traffic cameras, body-worn cameras, license plate readers, drones and community partner camera feeds to provide officers with critical information before arriving at scenes, often achieving response times of seconds rather than minutes.  

Some of the benefits include that real-time crime centers can: 

  • Reduce investigation time with camera networks and LPR technology 
  • Enhance recruitment and retention by demonstrating technological investment and officer safety support 
  • Enables officers to connect with back-up support, who can view footage and provide aid in real-time 

Henningsen and Settle stress that effective implementation requires cross-training staff, tracking progress through data analytics and continuously pursuing partnerships with technology vendors, such as Flock Safety, to share resources and best practices.  

Maintaining pace with the evolving technology landscape ensures that law enforcement and confidential data remains protected. Through AI, real-time crime centers, drones and ransomware protection, law enforcement remains committed to protecting civilians.  

Missed IACP Annual? Attend Carahsoft’s 2026 law enforcement innovation summit to learn more about the latest technology and solutions in law enforcement.  

The Practical Applications of Artificial Intelligence in Government Programs

Posted on by
Reply

A Government’s ability to lead, protect and serve is tied to how boldly it embraces technology. Artificial intelligence (AI) is no longer a distant concept. It’s a force already redefining the way agencies operate, safeguard resources and deliver services. In an era where global competitors are racing ahead with automation and advanced analytics, standing still is not an option. Agencies that adopt AI strategically will not only keep pace but set new standards for effectiveness, transparency and citizen trust.

Key Use Cases for Artificial Intelligence in Government

Across the Public Sector, AI is moving beyond pilot projects into critical programs. Government agencies are weaving AI into their daily operations. They are detecting fraud before it drains budgets, automating compliance that once accounted for many staff hours and analyzing risks too complicated for manual review. The practical applications are real, measurable and growing. What once seemed like gradual innovation is quickly becoming a foundation for modern governance.

Common AI use cases in Government include:

Fraud detection and prevention

The U.S. Government loses between $233 billion and $521 billion a year to fraud. While no agency is immune to fraud, AI is helping the Government fight back. For example:

  • The Treasury Departmentuses machine learning to detect fraud in real time, enabling it to recover over $4 billion in fraudulent funds during fiscal year 2024.
  • The Centers for Medicare & Medicaid Services (CMS)has integrated AI in its fraud prevention system to review claims before payment. Between January and August 2025 alone, it denied over 800,000 fraudulent claims, saving more than $141 million.
  • The IRS uses AI-powered tools, such as the Risk-Based Collection Model, to improve fraud detection and reduce the tax gap.

Compliance reporting

Compliance is time-consuming for agencies, but AI is now automating much of the process. Agencies use AI to monitor real-time data and flag inconsistencies to simplify reporting. With these capabilities, AI enables greater transparency and faster responses to regulatory requirements.

While AI doesn’t replace human oversight, it frees staff to focus on higher-value analysis, cutting the time and costs of compliance. A good example is the Securities and Exchange Commission’s (SEC) use of natural language processing to automate reporting for financial markets. It processes millions of filings and generates compliance reports to improve enforcement efficiency.

Risk management

Government programs face constant risks:

  • Operational
  • Financial
  • Security
  • Environmental
  • Third-party exposure

AI in Government is already helping agencies with minimum risk management practices. For instance, automating third-party risk management with AI-enabled Governance, Risk and Compliance (GRC) platforms helps agencies assess vendor reliability and track compliance to reduce exposure.

Supply chain monitoring

The COVID-19 pandemic revealed the vulnerability of the public supply chain. AI is now helping the Government strengthen resilience with real-time monitoring.

Machine learning models predict bottlenecks to help agencies optimize their logistics. Additionally, enhanced visibility allows policymakers to proactively mitigate third-party risks in the supply chain, as they can monitor vendors and flag vulnerabilities before they escalate.

Policy cycle integration

Public policies move through cycles: setting the agenda, designing solutions, implementing programs and evaluating results. AI has a role at each stage.

Policy cycle stageAI’s roles
Agenda-settingAnalyzes citizen feedback and emerging trends to identify priorities
Solution development Models the likely impact of different policy options
ImplementationAutomates program operations
EvaluationMeasures outcomes against goals

Used thoughtfully, AI makes the policy cycle more evidence-driven and adaptive.

Citizen services

According to a 2024 Salesforce report, 75% of Americans expect Government digital technologies to match the quality of the best private sector organizations. To meet these expectations, U.S. and State Government agencies are using:

  • Chatbots to answer common questions and improve the availability of Government services
  • Digital assistants to provide personalized help and handle more complex inquiries
  • Self-service portals to let citizens complete tasks like renewing licenses on their own

Benefits of Artificial Intelligence in Government

Beyond mere modernization, embracing AI in Government delivers measurable value:

Increased efficiency and productivity

According to a 2023 McKinsey report, generative AI can automate 60%–70% of tasks and add $2.6–4.4 trillion annually to global productivity. Federal and State agencies are using AI to reduce repetitive tasks such as data entry and document reviews to free Government employees’ time for more strategic efforts. This shift in focus raises productivity without adding headcount.

Improved strategy

Insights from AI help policymakers see the bigger picture. Agencies use predictive analytics to forecast outcomes and test scenarios so they can design public policies to prevent undesirable outcomes to begin with, instead of just reacting to them.

Greater responsiveness

AI makes public services more responsive. Examples include agencies using chatbots to answer citizens’ questions and sentiment analysis tools to better listen to community concerns.

Implementation Challenges that Hinder the Strategic Use of AI in Government

While AI is already delivering results in Government agencies, several obstacles hinder its broader adoption.

Skill gaps and training

A 2024 Salesforce survey found that 60% of Public Sector IT professionals say limited AI skill is their top challenge in implementing AI.

Data biases and ethics

AI learns from data that often reflects existing societal inequities, which can perpetuate or even amplify bias.

Data management

Many agencies rely on siloed or outdated systems. In fact, the Federal Government faces a $100 billion legacy IT challenge, making it difficult to integrate and secure data effectively.

Public trust

Government agencies are expected to operate with a high degree of accountability and transparency. Public skepticism, shaped with legitimate concerns about bias and privacy, may stall or derail AI initiatives.

The Way Forward: Building Smarter, Trustworthy Public Programs

The potential of AI in Government is huge, but so are the risks. To enjoy the benefits while protecting public trust, it’s important to follow best practices for managing AI risks:

  • Treat AI as a strategic asset that drives smart, citizen-focused outcomes, rather than just a technical tool.
  • Pair AI with human oversight to address biases and provide context in decision-making, so the outcomes remain fair and ethical.
  • Invest in responsible governance frameworks to guide the development and deployment of AI within your agency.
  • Monitor AI continuously after deployment to address any unintended consequences.

Managing AI in GRC Solutions