DoD Adopts 'Defense-in-Depth' AI Governance

This layered approach is part of a broader Pentagon strategy to accelerate AI adoption by removing bureaucratic hurdles and focusing on rapid experimentation. A key enabler is the Chief Digital and Artificial Intelligence Office (CDAO), which integrates and optimizes AI capabilities across the department and is actively working to foster an ecosystem of both traditional and non-traditional industry partners. For contractors, this signals a major shift in procurement, prioritizing speed, measurable performance, and integration-readiness over traditional, checklist-driven evaluations. The demand for full explainability aligns with long-standing efforts by agencies like DARPA, whose Explainable AI (XAI) program aims to produce machine learning techniques that are understandable to human users. This move away from opaque systems requires contractors to build solutions that can detail their rationale and characterize their strengths and weaknesses. The CDAO provides a "Responsible AI Toolkit" with templates and assessment guides to help contractors align with the DoD's five tenets: Responsible, Equitable, Traceable, Reliable, and Governable. The "Defense-in-Depth" model for AI security involves multiple layers of protection across data, models, and infrastructure to ensure a resilient system. This proactive security posture is becoming a prerequisite for DoD contracts, with a focus on threat modeling, adversarial robustness testing, and comprehensive audit trails. A State Department-commissioned report titled “Defense in Depth: An Action Plan to Increase the Safety and Security of Advanced AI” has further solidified this multi-layered approach as a key strategy to mitigate national security risks. Small businesses have significant opportunities to engage in this new AI landscape. The CDAO is actively encouraging small business participation, exemplified by a 10-year, $15 billion indefinite-delivery/indefinite-quantity (IDIQ) contract to support the Advana data analytics platform. Deputy CDAO for acquisition, Bonnie Evangelista, has emphasized that companies specializing in a single, high-performing piece of the tech stack can win contracts. The Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) programs are key entry points for AI-focused companies. The Army has launched Direct to Phase II SBIR topics with funding up to $2 million for AI/ML solutions, such as voice-commanded autonomous maneuver for combat vehicles. NASA has also awarded SBIRs for Explainable AI in complex domains like Air Traffic Management, demonstrating a government-wide push for this technology. This push for AI is occurring alongside the "Revolutionary FAR Overhaul," a major initiative to streamline and simplify the Federal Acquisition Regulation. The overhaul aims to make federal contracting more accessible to small businesses and new entrants by removing non-statutory rules and rewriting regulations in plain language. However, the FAR overhaul also introduces new competitive dynamics. Proposed changes could increase the Simplified Acquisition Threshold to $10 million, which may remove small business set-asides for contracts within that new, higher range. While the overhaul aims to reduce bureaucracy, it also shifts some small business protections, such as the "rule of two," to be discretionary on certain contracts, creating a more complex strategic landscape. Ultimately, the DoD's AI governance and acquisition reforms are creating a more agile, but demanding, environment. The CDAO's Open DAGIR initiative, a multi-vendor ecosystem, is designed to allow both established and new contractors to integrate their solutions, preserving government data ownership while protecting industry intellectual property. Success will require contractors to master the principles of responsible, explainable, and secure AI while navigating a rapidly evolving procurement system.