House Democrats question DHS, ICE use of surveillance tech
Democratic lawmakers are once again pushing back on the Department of Homeland Security’s expansive use of surveillance technology, with more than a dozen members of a House Oversight subcommittee expressing concern in a letter to Secretary Kristi Noem over the agency’s processes for collection and analysis of cellphone data.
The representatives pointed to recent reports of the agency procuring tools from Penlink, which is said to collect cellphone location data and allow customers to search for devices, and Paragon, a vendor known to enable access to a mobile device without the owner’s knowledge or consent.
Without guardrails, these tools introduce risks to data privacy and civil liberties, according to the signatories of the letter, which was led by Rep. Shontel Brown of Ohio, ranking member of the House Oversight Subcommittee on Cybersecurity, Information Technology, and Government Innovation.
“Location data can reveal intimate details of a person’s life, including where they live, work, worship, go to school, or seek medical care,” the lawmakers said. “DHS could use these tools to identify individuals for targeting based solely on their presence in certain locations, without a warrant or probable cause and regardless of their citizenship or residency status.”
The 13-member group requested a briefing before March 5 to discuss internal DHS communications around the acquisition of location-based electronics surveillance, any legal justifications for surveillance without judicial or administrative warrants, DHS’s processes for storage, use and disposal of the data collected through these tools, and the process for monitoring abuses and granting data access.
“The continued acquisition of such spyware technology suggests DHS is relying on mass data collection techniques that the Department can use without cell phone users’ knowledge and which may operate outside of constitutional guardrails,” the lawmakers said in the letter. “Americans should be able to trust their government to uphold the Constitution and respect fundamental rights.”
Questions about how the agency is conducting oversight of its technology toolbelt have ramped up over the past year, especially as use in law enforcement and investigative operations expand.
DHS has increased its AI use cases by nearly 37% since July 2025, according to its latest inventory. Immigration and Customs Enforcement has driven the jump, and many of the agency’s most controversial and high-impact use cases have incomplete risk management processes.
“Trump’s ICE has been a public safety and civil rights disaster, and now we have heard reports of tools that could enable dragnet digital surveillance of entire communities,” Brown said in an accompanying press release. “DHS must immediately explain its legal authority and its privacy safeguards.”
The letter was cosigned by Reps. Yassamin Ansari of Arizona, Greg Casar of Texas, Jasmine Crockett of Texas, Ro Khanna of California, Raja Krishnamoorthi of Illinois, Stephen Lynch of Massachusetts, Dave Min of California, Eleanor Holmes Norton of D.C., Emily Randall of Washington, Lateefah Simon of California, Rashida Tlaib of Michigan, and James Walkinshaw of Virginia.
In addition to location-based electronic surveillance, lawmakers have raised concerns about the agency’s mobile biometric applications and broad data collection processes, as well as the lack of information on cybersecurity protections, retention limits and independent audits.
The agency’s watchdog office also has its eye on privacy practices at DHS.
Inspector General Joseph Cuffari launched an official audit earlier this month to determine how DHS components are collecting personally identifiable information and the extent to which the data is managed, shared and secured, according to a Feb. 5 letter published by Virginia Democratic Sens. Mark Warner and Tim Kaine.
Treasury watchdog finds poor data practices in financial crimes unit
The Treasury Department bureau in charge of fighting financial crimes hasn’t complied with applicable laws, regulations, directives, or governmentwide standards in its role managing Bank Secrecy Act data, according to a watchdog report released this week.
Treasury’s Office of Inspector General found that the Financial Crimes Enforcement Network has fallen short on a number of data protection mandates. Many of the issues cited by OIG center around FinCEN’s handling of memorandums of understanding for BSA data, including with agencies.
The BSA data overseen by FinCEN — the Treasury division tasked with combatting money laundering, terrorism financing and other illegal activity — covers everything from Suspicious Activity Reports to Currency Transaction Reports. Most BSA data filers are businesses, and roughly 88,000 records are submitted to FinCEN every day, according to the Treasury Inspector General, which conducted its audit from June 2019 through April 2024.
However, the OIG unearthed several problems with agency data transfers. The watchdog pointed specifically to Customs and Border Protection, which provides reports of currency transportation and related information to FinCEN, whose authorized employees access that data and conduct agency business based on it. Access is granted to some external users at agencies under MOUs between FinCEN and the respective agency.
In some cases, according to OIG, FinCEN failed to execute on a bulk data MOU with an agency. The watchdog found that the Office of the Comptroller of the Currency, for example, had access to bulk data for more than a decade without having a written agreement that documented the responsibilities of both parties.
“Since an MOU communicates the mutually accepted expectations of each party, failure to fully execute one can result in misunderstandings as to an agency’s responsibilities, including those regarding information security, documentation, and training, as well as limitations on re-dissemination of BSA information,” the report stated. “In 2022, FinCEN disabled OCC’s bulk data access.”
All told, OIG found that FinCEN granted “platform program access” to users from 11 agencies despite not having MOUs in place, violating standard operating procedures for BSA data. FinCEN told the watchdog that it is now developing SOPs for these instances and plans to present those agreements to the agencies in question.
The MOU issues didn’t end there. According to the report, FinCEN did not update, properly maintain or execute its BSA data MOUs, nor did it accurately track agencies that did sign those agreements. The watchdog noted that the Treasury unit did provide it in 2019 with four records that listed agencies that had BSA data access.
“However, the records were inconsistent as they each identified a different number of agencies with BSA data access because of inaccuracies, including omissions,” OIG wrote. “For example, one FinCEN record identified 13 agencies had bulk data access, while another record identified 14 agencies. However, we found that only 11 of the 13 and 14 agencies had that type of access. Additionally, one record erroneously omitted four direct access MOUs.”
The watchdog delivered 14 recommendations to FinCEN aimed at improving its management of BSA data access. The Treasury bureau agreed with those suggestions and provided corrective actions it had already taken and others it planned to pursue.
How to make Tech Force work
The Office of Personnel Management recently announced that U.S. Tech Force, starting this September, will place 1,000 fellows annually into federal agencies for one- or two-year terms, supervised by managers hired from the private sector who report to agency heads. If agencies can get them on real projects that ship products and lean into their engineering-focus, this could improve tech efforts in the government. If not, and if this fails to internalize the relevant lessons from previous government digital service efforts, it’ll be the latest round of innovation theater — a waste of money for the agencies and a waste of time for the participants.
I’ve worked at the AI Corps and in other federal technology roles. At the Department of Homeland Security, I was an AI/ML engineer on what was the largest AI team in the federal government, and prior to that, I was a data scientist and Army civilian. While the irony is not lost on me that OPM is engaging in one of the largest tech hiring efforts in federal history coming in the wake of dismantling many of those same teams — mine included — I know the world is full of irony, and I still wish anyone well who takes civil service roles to make government work better.
This administration includes people who have shown significant hostility toward civil servants and no interest in building functional government services. It also includes people who are trying to make things work — as shown in the recent data.opm.gov redesign, which interviewed users like me and was responsive to our requests.
I’m not here to tell anyone they should go work for the federal government right now. But, regardless, things are going to keep getting built. Some of it will be built well and some of it won’t, and the difference will depend partly on whether the people involved — at OPM, at the agencies, and in the Tech Force itself — make specific decisions that set these efforts up for success. That’s what this piece is about. Whether this program reflects a genuine commitment to improving government services or is primarily a branding exercise, a thousand people are going to show up at agencies in September. What happens to them depends on decisions being made right now.
I think meaningful tech expertise is woefully absent in some of the most critical parts of the public sector. And I’ve seen what makes technical efforts succeed and, more often, what makes them fail. The reality is that while many technology initiatives in the past did achieve real results — from Veterans Affairs to online immigration web forms, to brief-but-successful Direct File tax efforts — many were also innovation theater. Instead of accelerating working code and time and cost savings, many of these efforts left the programs they touched with unread reports, wasted hours of interviewed employees’ time without tangible results, and splashy press articles about culture change and the challenge of government — with little change in the actual federal services offered. This was not always their fault, but often they had the wrong organizational incentives and tools that should have enabled success.
The Tech Force also has some unique characteristics and a different focus from other similar tech talent efforts, such as the U.S. Digital Service, 18F, Civic Digital Fellows, and the AI Corps. First, the elephant in the room: There is no way the culture won’t be at least partially influenced by public impressions of the Department of Government Efficiency‘s highly controversial approach to government reform. But there are also more mundane differences: It has a decidedly engineering-heavy focus compared to other tech initiatives that traditionally include other roles like product managers and designers. It places a heavy emphasis on earlier career talent that will not stay for a long time — a two-year term seems to be a strong focus in its advertising materials, whereas even other termed roles in the other digital service teams were rarely less than four years. And it is much larger than other efforts: If Tech Force achieves its goal of 1,000 people, that will dwarf even teams like the U.S. Digital Service that reached a few hundred people at its zenith.
Setting the Tech Force — and its unique characteristics — up for success will require real work beyond just recruiting and hiring people. It may seem obvious that if there’s a deficit of tech talent in government, bringing people on will be useful. But the math isn’t that simple. Now — not when the fellows show up — is the time to figure out what this program is going to be and make sure agencies are prepared on day one. Hopefully they are already doing this but if not, here’s where to start.
Find the projects
The biggest organizational advantage the agencies can provide Tech Force is a clear purpose. What you don’t want to have, especially with a decentralized organization like Tech Force, is lots of engineers with only the mandate to “make things better.”
This is because in large organizations there are significant learning curves before staff can be meaningfully productive. The time it takes to get other staff up to speed — especially when it’s unclear how committed a transient, high-visibility group will be to a given project — gives little incentive for those same career and contract staff to invest in the relationship and knowledge building needed to let Tech Force succeed. In government, the biggest risk is often where people invest their time and who they build relationships with — so make it worth their while.
That means a clear purpose and project: “We are assigned to reducing immigration backlogs.” “We are supposed to improve AI-related cybersecurity defense in Air Force systems.” “We are tasked with improving VA call center wait time.” Something that says who in the bureaucracy needs to care about the Tech Force’s presence and roll out the welcome mat.
The clear purpose can be established two ways: on existing projects or on new ones. For the existing ones, there will be the standard requests to political appointees of projects that need support. However, this is a double-edged sword. Political appointees often have mediocre senses of timing of when to include additional tech staff in a project. Adding Tech Force too late to an existing effort can risk slowing down something that is close to completion. Too early, and there might not be any work to do and you’ll cause territorialism.
Political appointees also pick projects based on what they care about, not what’s feasible. Projects that leadership are most excited about may be the worst fits for Tech Force — big, complex, high-stakes efforts that need full product teams and multi-year timelines, not junior engineers on one- or two-year terms. Someone needs to be able to tell the secretary no. That’s partly on the managers, but it’s also on OPM to vet projects for feasibility before matching begins — not just “does this align with administration goals?” but “can engineers ship something quickly and well given the starting conditions?” Prior to managers being hired, offices requesting Tech Force support won’t know the answer to that question either. OPM needs people who can work with agencies to figure that out.
There are also “new projects.” Timed correctly, plugging in Tech Force is an easier transition. Without an existing bureaucracy working on something, as we’ll discuss later, there’s less territorialism to navigate.
Doing this project scoping could easily be a full-time role at OPM between now and September. Calls need to be put out at the agencies for ideas and the vetting needs to start as soon as possible. Getting at least some of this work done before onboarding is crucial because these are one- and two-year terms. Burning six months figuring out what someone should do eats a significant portion of their entire tenure. Also, the kinds of projects that agencies need done should inform what OPM screens for in hiring.
No matter what Tech Force does now, some of the ideas will turn out to be duds. But to whatever extent it can start to understand what might be in the pipeline, get agencies thinking about how to identify good projects, and inform the existing hiring process, the more OPM can reduce the risk of innovation theater.
Ship and own projects
After project definition, scoping the Tech Force’s role on that project is also important. Unlike many other past federal technology efforts that included other roles like product managers and designers, Tech Force seems focused on engineers.
Even with roles actually well-suited to being less “hands-on,” it’s easy in government to get stuck on projects that are advisory in nature or where you’re only embedding fellows individually into existing contractor teams. That work can sometimes be valuable, but with the engineering focus of Tech Force, unclear or advisory roles can lead the technologists to spend most of their time having opinions about other people’s code instead of writing their own. Whenever possible, Tech Force and its managers should lead the engineering efforts, architectural decisions, and development decisions of the products. When agencies offer spots for Tech Force, as much as possible, that role should be clearly defined in their requests.
Sometimes past technology efforts didn’t take ownership, in part, because they were limited by staffing and were not large enough to ensure successful delivery. But if OPM hits its goal of 1,000 program participants — and given the initial 35,000 expressions of interest, this seems possible — it should be feasible to have real development teams that are primarily made up of Tech Force participants.
Where that has happened in the past, the stories have often been successful: IRS’s Direct File tool that lets people file taxes directly with the government is a great example of this. At its height, dozens of team members from federal digital service organizations worked alongside agency counterparts. It worked because they built something — not a report about what should be built, not an assessment of existing systems, but working software that people used — and staffed it appropriately.
Another example from my own team: DHSChat, the internal generative AI system the AI Corps built at DHS in less than six months. At one point, almost a third of the AI Corps team was dedicated to it. It got built — and scaled — because the team shipped real working software that people used. And, because it was a greenfield project, there were far fewer challenges in integrating into existing agency teams or resolving the inevitable territorialism between federal partners — or the contractors working for them.
Your development environment
Even with a clear project and a clear role, Tech Force will also face another challenge: On day one, they probably won’t be able to actually deploy any software. Without necessary planning, the default computer you receive from your agency will be a brick to your average software engineer. Most government computers, of course, do not let you install any software, access a development environment, or even have resources on where to resolve those issues. And at most agencies, if you want a Mac, good luck — getting hardware that engineers need, like MacBooks for machine-learning work, can take months of procurement battles.
At the AI Corps, our leadership spent nearly nine months trying to get a headquarters deployment environment for model training and GPU cloud infrastructure set up. By the time I left, it still wasn’t operational. I heard later the project was cancelled when the office couldn’t find money to hire a contractor to work as a dedicated information system security officer — something we didn’t know we had to do many months into the project.
There are other infrastructure issues, too. Do you have git servers? What AI coding tools will fellows be allowed to use — the ones engineers actually use, like Claude Code? Or will you tell them Copilot Chat is close enough? The people you want to hire are going to expect industry-standard tools. And if you can improve tooling access for other engineers at the agency while you’re solving this for your own staff, that’s a bonus.
Working through these questions will also help with scoping projects realistically, because what’s realistic depends partly on how you solve the development environment problems.
The managers
The OPM memo says fellows will be supervised by managers hired from the private sector. Who you hire and what you teach them matters.
These managers need to understand how government technology projects work before they start. They should read Recoding America. They should talk to people who led previous digital services efforts and find out what worked and what didn’t. They should understand the basics: how systems get ATOs, how contracting works, what authorities they’ll have and which ones they won’t.
You don’t want managers whose theory of change is “we’re going to hire some good engineers and things will get better.” That’s not a theory of change. Government is full of good engineers who can’t get things done because of where they sit, what access they have, and how decisions get made. If the new managers don’t have a more sophisticated model than “talent solves problems,” they’re going to be frustrated and their teams will be ineffective.
The right managers are curious about why previous efforts succeeded or failed. They want to understand the constraints before they start pushing against them. They’re thinking about organizational dynamics, not just technical problems. And if they aren’t curious about what has or hasn’t worked in the past, they are, as the cliche goes, likely to repeat it.
The headwinds
These fellows aren’t going to work in a vacuum. To be successful, other people at the agencies — civil servants and contractors — are going to have to work with them. This is harder than it sounds.
Embedded teams that don’t report to you and do report to leadership are threatening. Everyone knows this. They’re just as likely to replace you or flag problems up the chain as they are to help. This is even worse in the government, where most technical efforts are not staffed by federal employees, but by contract teams who are usually paid based on how many hours they bill — meaning that they are incentivized to control more work themselves. Even when the contract is not structured like this, they have a strong incentive to ensure they are the primary resource of technical know-how to ensure they remain in the strongest position for future recompetes. They don’t want to be replaced.
Now, there are many great and patriotic federal IT leaders and contractors working on technology projects throughout the government, and I’ve seen their commitment to duty and mission overtake their narrow self-interest many times.
But individual virtue is not enough to overcome the fact that there are few organizational and political incentives to welcome Tech Force among either contractors or other federal civilians. A secretary’s support is helpful, but agency heads are busy, and rarely have the time to help with the thousands of minor roadblocks that teams of smart, junior engineers will face.
This brings us to a decision that is going to make all of this harder than it needed to be. The same administration launching Tech Force largely dismantled the existing network of federal digital service teams — USDS, 18F, parts of the AI Corps, and others — that represented the closest thing the government had to institutional knowledge about how to do what Tech Force is attempting. Those teams made plenty of mistakes, but they also learned, often painfully, what it takes to ship working software in a federal environment. That knowledge didn’t disappear when the teams were disbanded. It lives in the people who did the work, many of whom are now in the private sector and would be reachable if OPM made the effort.
This isn’t just a point about irony, though the irony is hard to miss. It’s a practical recommendation. OPM should be actively consulting with alumni of previous digital service efforts — not to replicate those programs, but to avoid relearning lessons that were expensive the first time around. What development environment problems did they hit? How did they handle the trust issues with career staff? Which agency projects were good fits for termed technologists and which ones weren’t? That knowledge exists. Use it.
And then there’s the trust problem — which is a problem for all the reasons it was always a problem with digital services teams in government, plus some new ones because of what happened to the civil service in 2025, which not coincidentally is why I’m no longer in government.
You don’t have to agree with the narrative that political leadership is hostile to career staff, or that Tech Force fellows might be there to spy for leadership, or that the interest in AI is primarily about eliminating jobs. But these fellows will have to work with people who believe some version of it, if they want to be effective. It’s not going to be possible to fully mitigate this. But there are things you should try.
At the AI Corps, leadership was explicit with staff at partner agencies: Fellows on projects were there to serve that agency’s mission, not report back to headquarters. That framing helped — but only because it was true, and the leadership backed it up.
For Tech Force to work, fellows need a clear mandate that they’re there to help the agency succeed — not to report on civil servants, and not to scout for workforce reductions. If that’s not actually the arrangement, people will see through it and freeze fellows out.
The opportunity
People who’ve done this work before are skeptical of Tech Force, and for good reasons. We’ve seen programs that sounded good on paper produce very little. We’ve seen talented people burn out fighting bureaucratic battles instead of building things. We’ve seen “innovation” get good press coverage and turn into nothing.
But there are better and worse versions of this. A thousand fellows annually, with real projects, working development environments, prepared managers, and a mandate to ship things — that’s a version worth trying. A thousand fellows dropped into agencies that haven’t done the prep work, managed by people who aren’t curious about understanding government, with no clear projects and no path to deployment — that’s a version that wastes everyone’s time and will only serve to prove critics right.
I’ve been asked, in various ways, why I’m writing advice for a program launched by an administration that dismantled the team I was on. The answer is simple: I care more about whether government technology works than about who gets credit or blame for it. And I’d rather be specific about what success requires than add to the chorus of people who are, understandably, skeptical.
Skepticism is warranted. But a thousand people are going to take these jobs. The agencies they walk into will either be ready or they won’t. That part is still up for grabs.
Abigail Haddad is a former artificial intelligence/machine learning engineer with the Department of Homeland Security’s AI Corps.
White House looks to pilot AI, ‘empower CISOs’ in push to improve cyber resilience
As the era of artificial intelligence stands to both increase cyber threats and aid efforts to counter them, federal government leaders are looking to bolster resilience with improved coordination, support for leaders, and new AI tools, a White House cyber official said Thursday.
During remarks at CyberTalks, Michael Duffy, the acting federal chief information security officer within the Office of Management and Budget, shared several actions federal leaders have taken recently to boost the government’s cybersecurity, calling the present technology moment “pivotal.”
“As we enter this new era defined by AI, interconnections, [and] the expanded dependencies that all of us have, we can’t wait for the next crisis to inspire our action,” Duffy said.
Existing policies were largely shaped by responses to major cybersecurity events over the last decade and don’t account for risks of the new AI era, he said. So as leaders look to adapt those practices, they must ensure that what they put in place can endure.
As a step to achieving the Trump administration’s cybersecurity goals, Duffy said he convened civilian agency cyber leaders last month in a meeting he called a “first” for the government.
That so-called “tabletop” discussion convened over 60 cyber professionals and leaders, including CISOs and security operations center directors (SOCs). Topics included protocols, procedures, overlaps, gaps, and potential weaknesses when it comes to faster and scalable attacks, among other things, he said. Already, some of the opportunities highlighted are being put into place.
“The bottom line is, cross-agency teams can no longer respond to massive cyber incidents to the federal government with sharing emails and phone calls and PDF files on threat intelligence,” Duffy said. “This is a different time. We have to make sure that we’re postured correctly to address that call.”
Additionally, leadership is looking to “empower the CISO role to make strategic decisions in a moment’s notice,” Duffy said. That includes decisions the information security professionals make for both administrative things — like budget, resources, and strategic plans — as well as “when disaster strikes.”
“In doing so, we’ll consider things like redundant, insufficient capabilities, the use of modern technologies and modernized enterprise-wide capabilities and shared services such as Continuous Diagnostics and Mitigation,” Duffy said. CDM is a program run by the Cybersecurity and Infrastructure Security Agency and provides security tools and dashboards to participating agencies.
Finally, Duffy said leaders are also working with agencies to improve cyber defense with new tech through pilots of several AI tools. A “small set” of cyber-relevant uses are currently being identified.
“We have to be proactive, highlighting what might work. Test it out. See if we can scale it from one agency to the next so that we can build the roadmap moving forward,” Duffy said.
That effort follows work by Federal CIO Greg Barbaccia to conduct a “federal AI sprint” on general uses of the technology in government, which Duffy said they’ve seen “positive progress” on. “We’re now turning our attention to cyber-specific use cases to ensure that we are ready for the threat,” he said.
Federal CIO Greg Barbaccia tapped for two leadership roles at GSA
Federal Chief Information Officer Greg Barbaccia will be adding two new titles — at least temporarily — to his work in government.
The General Services Administration announced Thursday that Barbaccia will join the agency as the acting director of Technology Transformation Services. He’ll be replacing Thomas Shedd, one of the few officials left at the agency who helped carry out the so-called Department of Government Efficiency’s cost-cutting initiative last year.
Shedd will remain at the agency as its senior advisor for fraud prevention, which the GSA said is “an area of increasing importance for the agency and the administration.”
The GSA, in a press release, touted Shedd’s leadership at TTS, including his work on “core program priorities,” such as the expansion of Login.gov and the “cleanup” of Sam.gov. The move is effective immediately, per GSA.
Shedd, who has been on an “unpaid leave of absence” from Elon Musk’s electric vehicle company Tesla since the beginning of President Donald Trump’s second term, has also served as deputy commissioner of the GSA’s Federal Acquisition Service, though it is unclear if he will remain in that role.
Barbaccia applauded TTS’s work under Shedd, writing in a statement that it has worked to “modernize how the federal government builds and delivers digital services, making interactions with government simpler, more accessible, and more efficient for the American public.”
The federal CIO was also tapped as senior advisor to the GSA administrator, the agency said. In this role, advising former privacy equity executive Edward Forst, Barbaccia will focus on “emerging technologies, best practices in digital delivery, and cross-government collaboration.” Barbaccia said his dual roles at the agency are “ensuring continuity of leadership and a strong focus on delivering value to the taxpayer.”
Forst said in a statement that “Greg brings a powerful combination of technology strategy and hands-on execution that will accelerate GSA’s mission to transform how the federal government buys, builds, and delivers digital services.”
The move is the latest in a string of shakeups for the GSA, which was once considered a DOGE stronghold under Musk early last year. Multiple DOGE-affiliated figures have departed the agency or left government in recent months, including Stephen Ehikian, who served as GSA’s acting head until last July before moving to the deputy administrator role until September.
Barbaccia, who has also identified himself as the federal chief AI officer, has repeatedly discussed GSA initiatives in his role as federal CIO. In a sit-down interview with FedScoop last December, Barbaccia shared details on the administration’s plans to reshape how the government buys cloud technology through the GSA’s 20x initiative, as well as increasing information-sharing among agencies on government contracts.
HHS’s reported AI uses soar, including pilots to address staff ‘shortage’
Reported uses of AI increased by 65% at the Department of Health and Human Services in 2025, according to the agency’s latest inventory, indicating even more widespread use of the technology as leadership simultaneously moved to reduce the workforce.
New use cases included pilots aimed at alleviating staffing shortages, multiple disclosures of so-called “agentic” tools, and an additional deployment for data related to the department’s work with unaccompanied children. Over half of the uses for 2025 are in pre-deployment or pilot phases, which means most of the applications are just getting started.
Valerie Wirtschafter, a Brookings Institution fellow focused on artificial intelligence and emerging technology, said her read on the inventory is that “there’s been a huge focus” on expansion at the agency. And HHS was already among the agencies with larger use case inventories in years past.
They’re “leaning into it,” Wirtschafter said.
The uptick in uses at HHS follows years of dramatic jumps in the health and human services agency’s reported uses of the technology. In 2023, the department’s inventory more than tripled from the previous year, and in 2024, it reported a 66% surge. The latest increase, of course, is set to the backdrop of significant change at the department and an aim by HHS Secretary Robert F. Kennedy Jr. to do “a lot more with less.”
Over the past year, the department moved to restructure bureaus and fire thousands of employees, in line with the Trump administration’s calls for agencies to reduce their footprint. At least two use cases specifically address a limited workforce as a reason for the tool.
The Office for Civil Rights disclosed pilots using both ChatGPT and Outlook CoPilot to address the problem of “staffing shortages.” ChatGPT is used for efficiency in investigations “to break down complex legal concepts in plain language and identify patterns in court [rulings] impacting Medicaid services.” Meanwhile, CoPilot is used via Westlaw for “faster correspondence with public.”
According to the inventory, both of those uses were for “law enforcement.” Neither entry included details about how specifically the generative tools were addressing workforce shortages.
HHS and OCR did not respond to FedScoop’s requests for comment to further explain some of the uses and provide additional details not included in the publication. FedScoop submitted a request through HHS’s email form and followed up with spokespeople directly. FedScoop also submitted an inquiry through OCR’s own email form.
While it’s hard to tell exactly what staffing issues OCR might be addressing and how, some generally cautioned against any uses meant to replace — rather than assist — workers.
“AI can be an important tool in any number of professions, and it can certainly have the potential to make government better and more efficient for citizens and all people,” said Cody Venzke, a senior policy counsel in the ACLU’s National Political Advocacy Department who is focused on surveillance, privacy, and technology.
That said, Venzke added: “It is not a stand in for all human decision making, and that is especially true when you are committed to breakneck downsizing of the federal government.”
Wirtschafter similarly noted that the need for uses aimed at addressing staffing shortages “seems to be a little bit of a problem, maybe of their own making.”
But Wirtschafter applauded the fact that the inventory is what provides the public with transparency into interesting uses like those at OCR. “Part of the fact that they have provided this transparency is that you can see, sort of, the problems that are attempting to be solved,” she said.
Agentic uses, Palantir, xAI
Among the other notable use cases, the Administration for Children and Families disclosed that it’s planning to use an AI system to verify identities of adults applying to sponsor unaccompanied minors in the care of its Office of Refugee Resettlement.
That use case is currently in the pre-deployment phase but is one of the department’s few “high-impact” entries, which are uses that will need to adhere to additional risk management practices to continue operating. It does not disclose the vendor.
Other tools seemed aligned with the Trump administration’s political goals. ACF disclosed that it had deployed two tools to identify position description and grants that run afoul of the president’s executive orders aimed at erasing diversity, equity, and inclusion from the federal government.
Those use cases both list Palantir as a vendor and cite “increased efficiency of review, with reduced administrative burden on staff” as reasons for the tool. Palantir — which has attracted attention for its work with Immigration and Customs Enforcement during the Trump administration — is a frequently listed vendor in HHS’s inventory, with more than 15 use cases attributed to the tech company. The majority of those use cases are within ACF.
Additionally, HHS lists multiple “agentic” AI uses for 2025.
Agentic AI is a commercially buzzy application of the technology in which specific tasks are performed autonomously or with little human intervention. While those use cases are still just a small portion of HHS’s inventory, last year there were only a handful use cases called AI agents across the entire federal government.
One of those entries is a Centers for Disease Control and Prevention pilot of OpenAI’s Deep Research. According to the disclosure, the tool is being used to help the agency process large volumes of research and data, producing report-style outputs. The entry references an internal study that found “94% of prompts resulted in successful, high-quality reports” and that most of those were completed within 30 minutes.
Other uses included an agent for Freedom of Information Act responses at Health Resources and Services Administration and an internal use case for staff questions about ethics policies at the National Institutes of Health. Both of those were pre-deployment.
Not included in the inventory: HHS’s use of xAI’s Grok as part of its recent RealFood.gov website rollout. The website, which encourages Americans to “eat real food” rather than processed food, is in line with the agency’s new dietary guidance. The page directs users to use AI to answer their health questions and links directly to Grok.
While that use of the Elon Musk-affiliated AI chatbot isn’t on the inventory, the agency did list “xAI gov” as one the services it uses for generating document first drafts and other communications, as well as for scheduling and managing social media posts. Both of those use cases were listed on a separate inventory of common commercial applications of the technology.
Room for improvement
Compared to other inventories, Wirtschafter said HHS’s publication is among the more detailed submitted by agencies for 2025 in terms of information about each use and the problems it aims to fix.
But that doesn’t mean the publication is perfect. The lack of high-impact use cases on HHS’s inventory, for example, has raised questions among advocates and researchers looking into the disclosures.
The new inventory is also difficult to compare year over year. Unlike last year’s inventory or many other inventories published this year, HHS’s new publication does not have unique identifiers for each entry. Those identifiers are generally an alphanumeric code the agency designates for each use, and without them, it’s difficult to identify new tools, particularly if the name or other details have changed.
And blank fields also leave advocates wanting more.
“Reviewing the inventories raises serious questions about the amount of transparency that is actually being provided here, because there are many, many fields that are left blank or simply are noted to be sensitive information, not for public disclosure,” Venzke said.
Specifically, Venzke pointed to the absence of public privacy impact assessments for the overwhelming majority of use cases.
Out of all of the submissions in HHS’s inventory, just one indicated where the privacy impact assessment was located. Despite being on the guidance sent to agencies by the White House Office of Management and Budget, some agencies did not include the category at all. While HHS did include it, it provides little to no information about how the agency has assessed privacy, if at all.
Agencies, by statute, are required to conduct privacy impact assessments (PIAs) for technologies that collect personally identifiable information to ensure those systems are equipped to protect that information. Those assessments are then required to be publicly accessible.
But finding public privacy impact assessments is often difficult, in part because systems can use different names and the assessments can cover multiple systems, Venzke explained. “Even just a link to the PIA provides a lot more surety for holding the government accountable,” he said.
HHS either provided no link, said the PIA was forthcoming, or said the PIA wasn’t publicly available. Venzke said that “defies the entire point of having a PIA, which is public transparency.”
For Quinn Anex-Ries, a senior policy analyst at the Center for Democracy and Technology’s equity in civic technology team, the spike in inventory size prompts questions about what the agency is doing to manage it.
“The thing that’s worth paying attention to most is, what, if anything, the agency is saying or doing to account for the fact that their total AI use has increased by such a significant degree,” Anex-Ries said. “When we look to places like their AI compliance plan and AI strategy, it’s not really clear that they did a bunch of additional groundwork to prepare the agency for their AI use to grow by such a huge margin.”
Interior Department finding momentum with modernization
The Department of Interior is taking a tech-forward approach to its contracting processes, a senior official said last week, part of an overarching agency-wide embrace of modernization.
Speaking at an Atlassian event in Washington, D.C., Interior’s Andrea Brandon said the agency has added three bots — referred to internally as Bob, Bobby and Oz — to its contracting workflows. The RPA tools are designed to ease cumbersome tasks and streamline the process, such as tracking small business goals across categories and modifying token additions, according to Brandon, Interior’s deputy assistant secretary for budget, finance, grants and acquisition.
“We are having a really good time with our bots and naming them,” Brandon said. “It actually really helps engage the workforce.”
In addition to incorporating bots in procurement and contracting processes, Interior is exploring emerging technologies, such as generative AI and blockchain, as well as building off lessons learned from other agencies. The Department of Homeland Security has a well-known procurement innovation lab that DOI has found fruitful for its own endeavors.
“We, as a federal agency, went over to their innovation lab to see what they had going on,” Brandon said. “It was a very good, collaborative experience. We can all benefit from the different things that other federal agencies have going on.”
Interior’s IT roadmap is also based on stakeholder feedback via vendor responses to requests for information, guidance from its executive steering committee and other avenues.
“We take a look at that feedback pretty regularly, and we look for consistent themes across it,” Brandon said. “It helps us build our vision for moving forward, or it helps us tweak some of the curses that we have. … If they tell us the system’s really bad and [we] really need to upgrade the system, that’s positive for us.”
The agency uses that feedback to build stronger cases for technology projects in its budget formulations.
Alignment, miscalculations
As it finds momentum with modernization, DOI is still honing internal alignment.
The agency has faced hiccups along the way. Notably, an audit found that the Interior had misclassified $40 million worth of IT purchases during fiscal years 2022 to 2024, increasing the odds of redundant purchases, breach risks and other vulnerabilities, according to the inspector general report.
When the review was released in September 2025, changes were already underway. Interior was working to centralize its IT infrastructure and compliance functions across the department, as directed by an order from the secretary posted in April.
“We’re actually getting everybody acclimated to being at headquarters level, because that’s a little different than being at the bureau level,” Brandon said of the cultural change facing workers.
Like other agencies, Interior is in the midst of an emerging tech push while feeling the pressure to do more with less, cut costs and unlock efficiencies.
The agency lost more than 6,000 workers last year, and it has seen its workforce reduced by another 7,400 in the first two months of this year, according to OPM’s federal workforce data. Of those, more than 500 held an IT management position.
A number of the 200-plus use cases listed in the agency’s AI inventory are said to help lower costs or lessen manual labor needs. One tool identified by the DOI is being used to inspect and remove blank pages associated with litigation preparation, aiming to lower costs for records storage and removing the need for staff to complete the task. Another use case is said to have “reduced manual labor cost” via AI-powered identification of responsive documents.
Brandon said the agency is “on top of” the qualitative type of measurements needed to track success of investments in IT, but there is room for improvement elsewhere.
“As far as quantitative, like looking for key performance indicators and actually measuring them, I don’t know that anywhere is quite there yet,” Brandon said. “That’s something we need to address.”
House bill seeks AI workforce tax credits, agency-led outreach
A pair of House lawmakers want a new tax credit for artificial intelligence workforce training — and an agency-led push to make sure companies take advantage of it.
The AI Workforce Training Act from Reps. Josh Gottheimer, D-N.J., and Mike Lawler, R-N.Y., would amend the Internal Revenue Code so that companies can claim a tax credit if they offer various AI career development programs.
“AI is already changing how we work and that transformation will keep getting faster, and we can’t let the American worker get left behind,” Gottheimer, co-chair of the House Commission on Artificial Intelligence and the Innovation Economy, said in a press release Wednesday.
“Change is coming,” he continued, “and if we want America to continue to lead the world in AI innovation, we need to make sure American workers are ready for the jobs of the future. This bipartisan bill will help workers build critical AI skills, boost productivity, and strengthen our economy — all while keeping the United States at the front of the pack.”
Per the bill text, companies could claim a tax credit equivalent to 30% of qualified expenses to train employees on how to use, manage and build AI systems. The credit would be capped at $2,500 per employee annually.
Expenses covered by the legislation include accredited courses, certificate programs and workshops. In-house instruction on topics such as AI ethics, data literacy, machine-learning fundamentals and prompt engineering would also be eligible for the tax credit.
To get the word out about the tax credit, the Commerce, Labor and Treasury departments would be tasked with developing and launching a public awareness campaign. The agency-run outreach would include informational webinars, publications, and multilingual materials distributed through small business development centers, trade groups and job boards.
“If quantum computing and AI are the future, our workforce can’t be left behind,” Lawler said in the press release. “This workforce tax credit gives them the training they need to compete for the high-paying tech jobs of tomorrow, right here at home.”
The legislation from Gottheimer and Lawler follows a string of AI workforce-related bills introduced at the end of last year, including a bipartisan, bicameral effort to help agencies recruit and retain AI talent; a push from Senate Democrats to get Commerce, Education and Labor to study AI’s effect on the workforce; and a bipartisan Senate attempt to put DOL at the center of an AI workforce research hub.
FAA, DOD data silos were partly to blame for last year’s DCA crash
Inadequate information-sharing and deficient data practices across the Federal Aviation Administration and Department of Defense were to blame, in part, for the midair collision near Ronald Reagan Washington National Airport last year, according to the National Transportation Safety Board’s final report.
NTSB found that the FAA’s Air Traffic Organization was “made aware of and had multiple opportunities to identify the risk of a midair collision between airplanes and helicopters,” yet insufficient data analysis, safety assurance systems and risk assessment processes “failed to recognize and mitigate.”
While the Army was “unaware” of certain risks tied to DCA due to a nonexistent flight safety data-monitoring program for its helicopters, NTSB also found the Army had a weak safety management system that failed to consistently detect hazards.
“The limited access to and use of available objective and subjective proximity data hindered industry and government stakeholders’ ability to identify hazards and mitigate risk,” NTSB said in its report.
As part of NTSB’s analysis, the watchdog had 50 to 60 staff members on the investigation, who gathered 19,000 pages of evidence, Jennifer Homendy, chairwoman of the NTSB, testified during a Senate hearing Thursday. The collision, ultimately, was preventable, she said.
“Now that our investigation has concluded, I can say without a shadow of a doubt that we’ve seen this before,” Homendy said. “We’ve investigated similar midair collisions going back decades, and we’ve issued safety recommendations, like [Automatic Dependent Surveillance–Broadcast], over and over and over again aimed at preventing these kinds of collisions, recommendations that have been rejected, sidelined or just plain ignored.”
NTSB ran into its own hurdles while trying to gather data from the FAA, Homendy added, pointing to denied access to reports and a poor safety culture within the organization.
“Throughout our investigation, we found numerous people who were afraid to talk to us,” Homendy said. “At our own hearing, I had to get everyone to commit not to retaliate — still, that occured.”
The NTSB recommended the FAA improve its data analysis and share that data with external stakeholders, such as other federal agencies or private-sector airline companies.
“They are not doing what we have recommended, and what we have been urging them to do the entire time, which is not only evaluate their data — which they’re starting to do now — but to develop a simple definition of what a close call is,” Homendy said.
The FAA is facing criticism amid a major overhaul of its air traffic control system, which could end up costing upwards of $30 billion.
“Applying the hard lessons we’ve learned from the DCA accident, the FAA safety team identified controller workload and system demand as emerging risk factors, and as a response to this increased risk, we temporarily reduced operations,” FAA Administrator Bryan Bedford told lawmakers in December. At the time, the senior official said an agentwide safety management system enabling quicker reactions and analysis of incidents was on the priority list.
The DCA collision report also comes mere days after U.S. Customs and Border Protection personnel shot down an object near El Paso, Texas, in what has become the latest signal of interagency friction between the DOD and FAA. In a confusing twist of events, the FAA posted a flight restriction notice for “special security reasons” that ended within hours despite being expected to last until Feb. 21.
“There has been miscommunication, or no communication, between at least the Army and FAA for years,” Homendy said.
In an emailed statement, Army spokesperson Maj. Montrell Russell thanked Homendy and NTSB investigators, and said the “Army remains committed to collaborating closely with the NTSB, FAA, and other federal partners to support lasting improvements in aviation safety that honor those who were lost.”
A Department of Transportation spokesperson said in an emailed statement that the FAA “values and appreciates the NTSB’s expertise and input” and it has “acted immediately to implement urgent safety recommendations it issued in March 2025. ” The agency added that it will “diligently” consider additional recommendations.
In a post to X, Transportation Secretary Sean Duffy positioned the incident as a collaborative effort. “The FAA and DOW acted swiftly to address a cartel drone incursion,” he said.
Despite Duffy’s assertions, skeptics remain.
“The FAA is saying that we’re going to shut down airspace for 10 days, and then another agency is saying something different,” Sen. Maria Cantwell, D-Wash., said during the hearing. “It just seems to me that we have a real problem of coordination between DOD and FAA.”
Codifying NTSB recommendations
In addition to requesting an interagency briefing, lawmakers reaffirmed their desire to pass the Rotorcraft Operations Transparency and Oversight Reform Act during the hearing Thursday.
The Senate unanimously passed the bill in December and it has been in the hands of the House since. Leaders of the Senate Committee on Commerce, Science and Transportation pushed for the ROTOR Act to be included in this year’s appropriations package, but the request was ignored.
“While the ROTOR Act addresses critical safety shortfalls and loopholes that contributed to the DCA mid-air collision, the safety enhancements will apply nationwide,” the senators said in a letter to Majority Leader John Thune of South Dakota, Minority Leader Chuck Schumer of New York and others.
The legislation has garnered support from the Department of Transportation, the FAA, NTSB, and the DOD. The ROTOR Act codifies many of the NTSB recommendations, according to the chairs of the committee.
“I’ve heard some faint grumbling from stakeholders and others who want to put the same kind of loopholes into the ROTOR Act that caused the DCA crash,” Senate Commerce Committee Chairman Ted Cruz, R-Texas, said during the hearing. “Some want exemptions for private jets, while a few airlines quietly carp about the cost of safety enhancing technology. These criticisms aren’t valid, and they are frankly disturbing.”
Homendy said American Airlines spent around $50,000 per plane to retrofit it with the automated, satellite-based broadcasts. Boeing offers the tech on new planes, as well as Airbus and Gulf Stream, she added.
“It is possible; the technology is available,” Homendy said. “We should not have to be here, and we wouldn’t be if the NTSB warnings had been heeded.”
This story was updated Feb. 18 with comments from a DOD spokesperson and Feb. 19 with comments from DOT.
SEC chair considers ‘innovation exemption’ for in-house AI testing
The Securities and Exchange Commission is eyeing artificial intelligence sandboxes for entrepreneurs focused on “investor protection,” the regulator’s chief told lawmakers last week.
During a Senate Banking Committee hearing, Sen. Mike Rounds, R-S.D., asked Chair Paul Atkins if his bipartisan bill to establish enforcement-free AI testing at financial regulatory agencies would “give the SEC the tools it needs to foster responsible AI innovation.”
The Unleashing AI Innovation in Financial Services Act from Sens. Rounds, Martin Heinrich, D-N.M., Thom Tillis, R-N.C., and Andy Kim, D-N.J., would direct the SEC, the Federal Reserve, the Consumer Financial Protection Bureau and other federal financial agencies to create in-house AI innovation labs. The agency-run sandboxes would allow for testing of AI projects “without unnecessary or unduly burdensome regulation or expectation of enforcement actions,” per the bill text.
Atkins told Rounds he hadn’t yet reviewed the legislation, but he’s on board with the bill’s “premise” and has been mulling over a similar idea.
“I’ve been talking about an innovation exemption, to begin at the SEC, to allow entrepreneurs in a sandbox-like environment that’s … cabined, time-limited, transparent, flexible, and then focused on investor protection,” Atkins said. “So all of those principles, I think, are important, and to allow people to try different things in a particular environment and then prove their concept.”
Rounds noted in his questioning that the White House’s AI Action Plan has an explicit callout for the creation of “regulatory sandboxes” at agencies, including the SEC. Those sandboxes would be supported by the Department of Commerce via the National Institute of Standards and Technology’s AI evaluation initiatives, per the strategy document.
“This venue would allow SEC-regulated entities such as broker-dealers, investment advisers to test new AI tools under structured oversight,” Rounds said.
It remains to be seen whether Rounds’ bill moves forward in the Senate, and whether Atkins’ “innovation exemption” idea comes to pass. But the SEC already has some seemingly small-scale sandbox experience, according to its recently released AI use case inventory.
The SEC’s Office of Human Resources has deployed what it calls a “Training Conversation Tool” built by the AI management platform Skillsoft. The tool uses natural language processing to improve “communication and collaboration skills of the SEC workforce” — but is listed as “a training sandbox only.”
Later in the hearing, Atkins was pressed by Sen. Mark Warner on agentic AI and whether the SEC believes banks and broker-dealers have proper guardrails in place to make sure autonomous tools of that kind don’t “commit a malfeasance or something illegal.” The Virginia Democrat added that there’s “bipartisan interest in helping on this.”
Atkins said he shared Warner’s concerns, but “people are still experimenting” with the technology, so it’s probably too early to tell what’s happening “with respect to broker-dealers or anything else.” But Valerie Szczepanik, the SEC’s chief AI officer, is looking at AI tools that can help with enforcement, corporate finance reviews and other areas, Atkins said.
“So whichever way this technology grows and changes, I think we have to be very attuned to those potential problems,” Atkins said.