
AI Security | 16 min read

How DoD Contractors Can Use AI Without Putting CUI at Risk



Key Takeaways

AI adoption has to move fast and stay controlled.

  • Start With Mission Value: Prioritize use cases tied to measurable business, delivery, or mission outcomes.
  • Protect the Data Boundary: Define what data AI tools can touch before selecting vendors or architectures.
  • Keep Humans Accountable: Use AI to support workflows while retaining trained review and escalation paths.
  • Document the Controls: Maintain inventories, testing evidence, monitoring plans, and risk decisions.

Artificial intelligence can help defense contractors work faster, reduce administrative burden, improve proposal operations, summarize complex documents, strengthen knowledge management, and support program execution. But for companies that serve the Department of Defense, AI adoption comes with a critical question: will this AI tool touch Controlled Unclassified Information?

If the answer is yes, the conversation changes immediately.

Using AI with public information is one thing. Using AI with Controlled Unclassified Information, Covered Defense Information, controlled technical information, export-controlled data, government-furnished information, or contract-sensitive materials is very different. In the DoD environment, AI is not just a productivity tool. It can become part of the contractor's information system, compliance boundary, cybersecurity risk posture, and contract performance risk.

The CUI program standardizes how the executive branch handles unclassified information that requires safeguarding or dissemination controls, and the CUI Registry is the government-wide repository for federal CUI policy and practice. Contractors are also expected to consult agency-specific CUI implementing policies and program management guidance.


This article explains how DoD contractors can use AI responsibly without putting CUI at risk.

Why AI Changes the CUI Risk Equation

Traditional software tools usually have obvious data paths. A file is uploaded, stored, edited, downloaded, or transmitted. AI tools create more complicated data paths.

A single AI workflow may involve prompts, uploaded documents, chat history, generated outputs, embeddings, vector databases, application logs, API calls, model evaluation records, user metadata, plug-ins, browser extensions, and vendor-side telemetry. A contractor may think an employee is "just asking a chatbot a question," but the tool may be processing or retaining sensitive information in ways the company has not reviewed.

NIST SP 800-171 Rev. 3 applies to components of nonfederal systems that process, store, or transmit CUI, as well as components that provide protection for those systems. Its security requirements are intended for use in federal contracts and agreements involving nonfederal organizations.

For DoD contractors, this means an AI platform cannot be treated as "outside the boundary" simply because it is new, cloud-based, or marketed as a productivity application.

Start With the Data, Not the Tool

The safest way to evaluate AI use is to begin with the data.

Before approving any AI use case, DoD contractors should ask whether the information is public, company proprietary, Federal Contract Information, CUI, Covered Defense Information, controlled technical information, export-controlled, classified, government-furnished, or subject to customer-specific restrictions.

DoD CUI training guidance says that to determine whether unclassified information is CUI, users should compare it to the categories and subcategories in the DoD CUI Registry. Unclassified information may only be marked as CUI if it aligns with a category established in the ISOO and DoD CUI registries.

In practice, contractors should not guess. They should check contract language, DD Form 254 requirements where applicable, CUI markings, security classification guides, customer instructions, program guidance, and the relevant CUI registry category. When in doubt, ask the contracting officer, COR, security officer, or government data owner.

Understand the Difference Between FCI, CUI, and CDI

AI risk often starts because employees do not understand the difference between general contract information and controlled information.

Federal Contract Information, or FCI, is information not intended for public release that is provided by or generated for the government under a contract to develop or deliver a product or service to the government. FAR 52.204-21 requires basic safeguarding of contractor systems that process, store, or transmit FCI.

CUI is a broader federal information control category. It is not classified, but it requires safeguarding or dissemination controls under law, regulation, or government-wide policy.

Covered Defense Information, or CDI, is the DoD-specific concept used in DFARS 252.204-7012. Under that clause, a covered contractor information system is an unclassified system owned or operated by or for a contractor that processes, stores, or transmits covered defense information. The clause also defines controlled technical information as technical information with military or space application that is subject to access, use, reproduction, release, or dissemination controls.

  • FCI: Needs basic safeguarding. Non-public contract information provided by or generated for the government under a contract.
  • CUI / CDI: Needs stronger review and controls. Controlled information that may bring NIST SP 800-171, DFARS, CMMC, cloud, and customer requirements into scope.

The practical takeaway: an AI tool that touches ordinary public information may be low risk. An AI tool that touches FCI needs safeguarding. An AI tool that touches CUI or CDI needs a much stronger compliance review.

Where DoD Contractors Commonly Put CUI at Risk

Most AI-related CUI exposure does not happen because someone is trying to break the rules. It happens because the tool is useful, fast, and easy to access.

Common risk scenarios include employees pasting controlled contract language into public AI tools, uploading technical drawings for summarization, using AI meeting assistants during program discussions, feeding CUI into a proposal drafting tool, connecting AI search to a shared drive that contains controlled documents, or allowing a browser extension to read pages in a contract management system.

Another common risk is retrieval-augmented generation, often called RAG. RAG can be valuable because it allows an AI system to search approved internal documents and generate answers from them. But when the underlying document set contains CUI, the vector database, embeddings, access controls, retrieval logs, generated answers, and user permissions all matter. The CUI risk does not disappear because the AI is "only searching."

Contractors should also watch for subcontractor use. If a subcontractor uses an AI tool to support performance and that tool touches CUI, the prime may still face contractual, security, and customer relationship risk.

The AI/CUI Risk Tier Model

A practical way to govern AI is to divide use cases into risk tiers.

  • Green: Public or fully sanitized information.
  • Yellow: Proprietary information or FCI with basic safeguards.
  • Red: CUI, CDI, controlled technical information, or sensitive GFI.
  • Black: Classified information or SCI. Do not use unclassified AI tools.

Green use cases include public solicitations, public agency strategy documents, public websites, generic templates, training examples, and sanitized internal content. AI can often be used here with normal business review, although contractors should still protect proprietary strategy and proposal-sensitive information.

Yellow use cases include internal business information, capture strategy, customer relationship notes, and non-public contract information that does not rise to CUI. FAR 52.204-21 requires basic safeguards for systems that process, store, or transmit FCI.

Red use cases include CUI, CDI, controlled technical information, export-controlled data, or sensitive government-furnished information. This information should only be used in AI systems that have been reviewed and approved for that data type, contract, and environment.

Black use cases include classified information or SCI. Classified information should not be entered into unclassified AI tools. AI systems used in Sensitive Compartmented Information missions must follow existing DoD and Intelligence Community policies, as applicable.

The Core Compliance Areas Contractors Need to Address

CUI-safe AI adoption requires more than a tool approval. Contractors need a repeatable operating model that addresses recognition, scope, cloud architecture, data rights, and incident response.

CUI identification and marking

Employees cannot protect what they cannot recognize. AI policy should include examples of CUI categories likely to appear in the company's work, such as controlled technical information, export-controlled information, critical infrastructure information, privacy information, and intelligence-related information.

System boundary and CMMC scope

CMMC implementation has begun, with Phase 1 running from November 10, 2025, through November 9, 2026, focused primarily on Level 1 and Level 2 self-assessments, along with affirmations submitted in SPRS.

AI matters for CMMC because tools that process, store, transmit, or protect CUI can affect the assessment boundary. A company may spend months preparing its environment, then unintentionally expand the boundary by allowing employees to move CUI into an unapproved AI application.

For that reason, every AI tool should be evaluated against the System Security Plan, asset inventory, data flow diagrams, access controls, audit logging, incident response procedures, and cybersecurity risk management process.

Cloud and FedRAMP considerations

DFARS 252.204-7012 requires that when a contractor uses an external cloud service provider to store, process, or transmit Covered Defense Information in contract performance, the contractor must require and ensure that the provider meets security requirements equivalent to the FedRAMP Moderate baseline and complies with cyber incident reporting, malicious software, media preservation, forensic access, and damage assessment requirements.

FedRAMP alone is not a universal approval. A tool can be appropriate for one data type and inappropriate for another. For DoD missions, work with public information and non-public work involving CUI may require different cloud impact-level considerations.

Government data and model training

A major AI risk is whether prompts, files, outputs, or customer data can be used to train or improve public or commercial AI models. OMB M-25-22 directs agencies to ensure contracts permanently prohibit the use of non-public inputted agency data and outputted results to further train publicly or commercially available AI algorithms, absent explicit agency consent.

DoD contractors should build the same logic into their internal AI review process. Before any AI tool is approved for sensitive contract work, the company should understand data retention, model training, human review, support access, logging, deletion, and government data rights terms.

Incident response and reporting

If CUI is entered into an unapproved AI tool, the company should not ignore it or quietly delete the chat. The right response is to preserve relevant evidence, identify what information was exposed, determine whether the tool retained or transmitted the data, notify internal security and contracts leadership, review vendor terms, and determine whether customer notification or cyber incident reporting is required.

Practical Rules for Safe AI Use With CUI

The safest policy is not "no AI." It is controlled AI.

  • Do not enter CUI into public or personal AI tools, including free chatbot accounts, browser extensions, consumer transcription tools, and unsanctioned plug-ins.
  • Assume prompts and outputs are records. If the prompt contains CUI, the output may also need to be protected.
  • Treat embeddings and vector databases as controlled if they are created from CUI.
  • Require approved accounts and approved environments for contract performance.
  • Disable model training unless explicitly approved and contractually reviewed.
  • Keep humans accountable for contract, technical, compliance, personnel, and mission-impacting actions.
  • Flow AI expectations to subcontractors through onboarding, subcontract language, data handling procedures, and compliance reviews.

Safe AI Use Cases for DoD Contractors

The key is not whether AI is helpful. The key is whether the workflow is approved for the data.

  • Lower-Risk Approaches: Use approved or public data boundaries. Public proposal research, sanitized knowledge management, internal policy organization, and approved contract summarization environments.
  • Approaches to Avoid: Do not move controlled data into unapproved AI. Avoid public chatbots for CUI, broad shared-drive AI search without permission trimming, consumer transcription for controlled meetings, or unapproved tools for SSPs, POA&Ms, drawings, specifications, and vulnerability data.

Building a CUI-Safe AI Architecture

A CUI-safe AI architecture should include more than an AI model. It should include identity, access control, data segmentation, audit logging, encryption, retention rules, vendor terms, monitoring, and incident response.

For many contractors, the better approach is to create separate AI lanes.

  • Lane 1: Public-information AI. Market research, public solicitation review, training, brainstorming, and generic drafting.
  • Lane 2: Internal business AI. Company proprietary workflows, capture operations, HR, finance, and operations, excluding CUI unless explicitly approved.
  • Lane 3: CUI-capable AI. Controlled environments aligned to contract requirements, NIST SP 800-171, DFARS, CMMC scope, and customer expectations.

This separation gives employees a path to use AI productively without forcing every use case into the highest-risk environment.
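The tier model, the AI lanes, and the permission trimming mentioned for RAG and shared-drive search can be enforced together at retrieval time, before any text reaches a prompt. The sketch below is an added example, not code from GS Consulting; the lane-to-tier ceilings, group names, and document names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Tier(IntEnum):   # the article's risk tiers, ordered by sensitivity
    GREEN = 0          # public or fully sanitized
    YELLOW = 1         # proprietary or FCI
    RED = 2            # CUI, CDI, controlled technical information, sensitive GFI
    BLACK = 3          # classified or SCI: never in an unclassified AI tool

# Assumed mapping: the highest tier each lane is approved to handle.
LANE_CEILING = {"public": Tier.GREEN, "internal": Tier.YELLOW, "cui": Tier.RED}

@dataclass(frozen=True)
class Chunk:
    doc_id: str
    tier: Tier           # inherited from the source document at indexing time
    readers: frozenset   # groups allowed to read the source document
    text: str

def trim(chunks, user_groups, lane):
    """Return (allowed, audit): chunks safe to place in the prompt, plus one
    audit record per retrieved chunk for the retrieval log."""
    ceiling = LANE_CEILING[lane]   # unknown lane raises KeyError: fail closed
    allowed, audit = [], []
    for c in chunks:
        if c.tier is Tier.BLACK:
            reason = "deny:classified"   # no lane accepts this tier
        elif c.tier > ceiling:
            reason = "deny:lane"         # tool not approved for this data
        elif not (c.readers & user_groups):
            reason = "deny:acl"          # user cannot read the source document
        else:
            reason = "allow"
            allowed.append(c)
        audit.append((c.doc_id, c.tier.name, reason))
    return allowed, audit

# Constructed sample index; names and groups are illustrative only.
INDEX = [
    Chunk("rfp-public.pdf", Tier.GREEN, frozenset({"all-staff"}), "..."),
    Chunk("capture-notes.docx", Tier.YELLOW, frozenset({"bd-team"}), "..."),
    Chunk("drawing-rev-c.pdf", Tier.RED, frozenset({"program-x"}), "..."),
]
```

Because each chunk carries the tier and reader list of its source document, embeddings built from CUI stay controlled, and the audit list gives the retrieval log one record per decision.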

A 90-Day Action Plan

  • Days 1-30: Discover and reduce risk. Inventory active AI tools, restrict unapproved tools where necessary, issue interim guidance, and train employees not to enter controlled data into public AI tools.
  • Days 31-60: Build governance. Create an AI use policy, approved tool list, data handling matrix, request process, vendor checklist, and incident escalation path.
  • Days 61-90: Launch controlled pilots. Select manageable use cases, test performance, verify access controls, review outputs, and document lessons learned before scaling.

By the end of 90 days, leadership should be able to answer five questions: Where are we using AI? What data does it touch? Who approved it? What controls protect it? What happens if something goes wrong?

The Bottom Line

DoD contractors can use AI, but they need to use it deliberately.

AI adoption should not begin with a tool demo. It should begin with the contract, the data, the security boundary, and the mission risk. The companies that succeed will be the ones that can show customers they are not just experimenting with AI, but governing it.

For contractors that handle CUI, the safest path is to separate public, internal, and controlled AI use cases; prevent shadow AI; review vendor data terms; align tools to NIST, DFARS, CMMC, and cloud requirements; and train employees with clear, practical rules.

GS Consulting helps DoD and IC-focused contractors assess AI readiness, identify safe use cases, build AI governance and cybersecurity policies, evaluate CUI risk, prepare documentation, and implement practical AI roadmaps that support growth without putting contracts or customer trust at risk.

Ready to evaluate whether your AI tools are CUI-safe?

Contact GS Consulting for a GovCon AI and CUI Risk Assessment.

