One of today’s top trends is artificial intelligence (AI), specifically how the Public Sector can adopt it while maintaining the security, governance and oversight essential for mission-critical operations. With AI jumping from number three to one on Federal Chief Information Officers’ (CIO) priority lists and 80% of CIOs under explicit cost savings mandates, the question is no longer whether to deploy AI but how to do so securely at scale.
The recent overhaul of the Federal Acquisition Regulation (FAR) marks the most significant rewrite in over 40 years, fundamentally shifting how Federal agencies operate and procure technology. As generative AI (GenAI) deployments move into mission-critical environments, agencies need practical frameworks that balance speed with verification.
Moving From Speed to Velocity
As The Public Sector enters the age of AI, with $4 trillion in Private Sector investment in data centers, agencies face a fundamental design challenge: design AI systems that adapt to human workflows rather than forcing humans to adapt to systems. This distinction matters most in Government and defense contexts where lives depend on maintaining human oversight for deliberate decisions.
The Department of War’s (DoW) Acquisition Transformation Strategy (ATS) offers a proven model of buying outcomes in increments. Instead of funding calendar time through traditional program structures, agencies should fund missions through portfolios that deliver outcomes in weeks or months. This approach structures procurement in modular increments that integrate with evolving architecture while funding capability and delivery, not timelines.
Velocity differs from speed in its directional precision. Agencies can accelerate procurement through fast-lane processes while maintaining governance through evidence gates that verify operational performance, user adoption, cyber risk posture and sustainment realities. This framework preserves ethical obligations while delivering measurable results.
Prerequisites for Secure AI Implementation
Before deploying AI tools in production environments, agencies need foundational elements in place:
Policy frameworks that define where AI can be a part of the process and establish clear boundaries for all personnel. Training and enablement programs ensure teams understand governance requirements and security policies. Several Federal agencies have already created AI centers of excellence to help establish standards and create processes around how they are implementing AI.
End-to-end visibility across the entire software delivery process enables agencies to track where AI agents operate and what actions they perform. Without comprehensive visibility, governance becomes theoretical rather than operational.
Contextual accuracy determines output quality, AI systems deliver accurate, usable results only when provided with the right context, making data quality and integration critical prerequisites.
Built-in guardrails must exist before AI implementation. Security scans on every code change and controls preventing critical vulnerabilities from merging into production branches become essential as agencies move into the agentic AI era.
Practical AI Use Cases That Deliver Value
GitLab’s most recent DevSecOps survey reports that AI currently handles about 25% of the work in Public Sector organizations, with leadership targeting 50% automation. The most successful implementations focus on code generation, testing and documentation, areas where AI delivers immediate, measurable impacts.
Federal customers using GitLab’s AI capabilities report significant efficiency gains in code review processes. AI-powered first-pass reviews reduce time while maintaining quality standards. Test generation and legacy code modernization have proven particularly effective.
Compliance automation represents an emerging high-value use case. GitLab teams are developing compliance agents that access code repositories, Continuous Integration/Continuous Deployment (CI/CD) pipelines and security vulnerability data to automatically populate Security Technical Implementation Guide (STIG) checklists. Security team leaders review and adjust outputs as necessary, reducing administrative burden while allowing teams to focus on strengthening application security posture.
Prioritizing AI Governance Frameworks
With 35% of Public Sector professionals using unofficial AI tools at work, agencies governance frameworks that address shadow IT risks without stifling innovation. A risk-based approach identifies high-impact systems within critical infrastructure and implements controls that prevent systemic failures.
Effective governance prioritizes AI adoption around innovation while maintaining public trust. Agencies must identify high-impact areas and understand system interdependencies, as more systems connect, understanding how one system impacts another becomes essential for appropriate segmentation and risk management.
Building on Secure Foundations
Agencies cannot build on a shaky foundation. Federal AI and cybersecurity strategies must align around building responsibility into the process from the start. This requires shifting from governing static systems to engineering systems that can evolve safely, integrating assurances, accountability and human judgment as foundational design constraints instead of downstream checks.
Before deploying advanced AI capabilities, agencies should strengthen foundational practices, standardizing workflows, implementing security by design and ensuring basic guardrails are in place. AI cannot compensate for weak foundations in the software development lifecycle. The path forward requires doubling down on fundamentals while strategically adopting AI where it delivers clear value.
To learn more about implementing secure AI solutions, watch GitLab’s full webinar, “Cyber in the AI Era: Building Foundations for Secure Adoption.”
Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including GitLab, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.
“Open source transforms the way agencies manage hybrid and multi-cloud environments. The most critical technology in the cloud, across all providers, is Linux. Everything is built on top of that foundation — both the infrastructure of the cloud and cloud offerings. Given the right partner, the promise of Linux is that it provides a consistent technology layer for agencies across all footprints, including multiple cloud providers, on-premises data centers and edge environments. From that foundation, agencies and their partners can build portable architectures that leverage other open source technologies. Portability gives organizations the ability to use the same architectures, underlying technologies, monitoring and security solutions, and human skills to manage mission-critical capabilities across all footprints.”