AI agent adoption outruns controls in federal buys

Microsoft set Agent 365 and the Microsoft 365 E7 “Frontier” suite for general availability on May 1, 2026, and detailed the rollout in a March 20 security blog post. (microsoft.com: ) Agent 365 is described as a unified control plane that ties agent identity and lifecycle management into Microsoft Entra, applies data-protection policies via Purview, and surfaces detections into Defender XDR for automated investigation and response. (learn.microsoft.com: ) (crn.com: ) Multiple outlets reported OpenAI signed a channel partnership with Amazon Web Services to market and sell its models to U.S. federal agencies for both classified and unclassified workloads, with TechCrunch and Reuters reporting confirmation on March 17, 2026. (techcrunch.com: ) The Department of Defense filed a roughly 40‑page court brief on March 17 arguing that Anthropic’s contractual safety restrictions make the company an “unacceptable risk” because the DOD fears the vendor might alter or disable model behavior during wartime. (forbes.com: ) (techcrunch.com: ) An internal Pentagon memorandum dated March 6 ordered military components to remove Anthropic products from DoD systems within 180 days and limited exemptions to mission‑critical activities that submit comprehensive mitigation plans. (cbsnews.com: ) The GSA published a draft government AI contract clause in early March that would require contractors to grant the government an “irrevocable, royalty‑free, non‑exclusive license” allowing use of AI systems for any lawful government purpose and would hold contractors responsible for downstream service‑provider compliance. (mayerbrown.com: ) Legal and industry analyses from Thompson Hine, the Cloud Security Alliance, and Mayer Brown conclude the Anthropic dispute has already sharpened federal expectations for explicit license language, supply‑chain monitoring obligations, and vendor‑compliance clauses in AI procurements. (thompsonhine.com: ) (labs.cloudsecurityalliance.org: ) (mayerbrown.com: )