{"id":19,"date":"2026-07-11T01:30:05","date_gmt":"2026-07-11T01:30:05","guid":{"rendered":"https:\/\/maxinefilmes.com\/odelator\/federal-government-ai-cautionary-tales\/"},"modified":"2026-07-11T09:35:47","modified_gmt":"2026-07-11T09:35:47","slug":"federal-government-ai-cautionary-tales","status":"publish","type":"post","link":"https:\/\/maxinefilmes.com\/odelator\/federal-government-ai-cautionary-tales\/","title":{"rendered":"The Federal Government Is Rushing Toward AI. Our Reporting Offers Three Cautionary Tales."},"content":{"rendered":"\n<article class=\"wp-block-group p-grid-text-container is-layout-flow wp-block-group-is-layout-flow\">\n<header class=\"wp-block-group entry-header is-layout-flow wp-container-core-group-is-layout-3ce78d47 wp-block-group-is-layout-flow\"><div class=\"wp-block-propublica-opener\">\n\t\n<div class=\"wp-block-group p-opener p-opener--small p-opener--left p-opener--order-hed-art-dek is-layout-flow wp-container-core-group-is-layout-a77db08e wp-block-group-is-layout-flow\">\n\t\t\t\n\t\t<div class=\"wp-block-group p-opener__art-wrapper is-layout-flow wp-container-core-group-is-layout-a77db08e wp-block-group-is-layout-flow\">\n\t\t\t\n\t<figure>\n\t\t<img\n\t\t\tclass=\"p-opener__art\"\n\t\t\talt=\"A large dark cloud floats above the White House.\"\n\t\t\twidth=\"1149\"\n\t\t\theight=\"723\"\n\t\t\tsrc=\"https:\/\/www.propublica.org\/wp-content\/uploads\/2026\/03\/GettyImages-2162550957.jpg?w=1149\"\n\t\t\tsrcset=\"https:\/\/www.propublica.org\/wp-content\/uploads\/2026\/03\/GettyImages-2162550957.jpg 5551w, https:\/\/www.propublica.org\/wp-content\/uploads\/2026\/03\/GettyImages-2162550957.jpg?resize=300,189 300w, https:\/\/www.propublica.org\/wp-content\/uploads\/2026\/03\/GettyImages-2162550957.jpg?resize=768,484 768w, https:\/\/www.propublica.org\/wp-content\/uploads\/2026\/03\/GettyImages-2162550957.jpg?resize=1024,645 1024w, https:\/\/www.propublica.org\/wp-content\/uploads\/2026\/03\/GettyImages-2162550957.jpg?resize=1536,967 1536w, https:\/\/www.propublica.org\/wp-content\/uploads\/2026\/03\/GettyImages-2162550957.jpg?resize=2048,1289 2048w, https:\/\/www.propublica.org\/wp-content\/uploads\/2026\/03\/GettyImages-2162550957.jpg?resize=863,543 863w, https:\/\/www.propublica.org\/wp-content\/uploads\/2026\/03\/GettyImages-2162550957.jpg?resize=422,266 422w, https:\/\/www.propublica.org\/wp-content\/uploads\/2026\/03\/GettyImages-2162550957.jpg?resize=552,348 552w, https:\/\/www.propublica.org\/wp-content\/uploads\/2026\/03\/GettyImages-2162550957.jpg?resize=558,351 558w, https:\/\/www.propublica.org\/wp-content\/uploads\/2026\/03\/GettyImages-2162550957.jpg?resize=527,332 527w, https:\/\/www.propublica.org\/wp-content\/uploads\/2026\/03\/GettyImages-2162550957.jpg?resize=752,473 752w, https:\/\/www.propublica.org\/wp-content\/uploads\/2026\/03\/GettyImages-2162550957.jpg?resize=1149,723 1149w, https:\/\/www.propublica.org\/wp-content\/uploads\/2026\/03\/GettyImages-2162550957.jpg?resize=2000,1259 2000w, https:\/\/www.propublica.org\/wp-content\/uploads\/2026\/03\/GettyImages-2162550957.jpg?resize=400,252 400w, https:\/\/www.propublica.org\/wp-content\/uploads\/2026\/03\/GettyImages-2162550957.jpg?resize=800,504 800w, https:\/\/www.propublica.org\/wp-content\/uploads\/2026\/03\/GettyImages-2162550957.jpg?resize=1200,756 1200w, https:\/\/www.propublica.org\/wp-content\/uploads\/2026\/03\/GettyImages-2162550957.jpg?resize=1600,1007 1600w\"\n\t\t\t\t\t\t\tsizes=\"(max-width: 60em) 100vw, (min-width: 1400px) 800px, 50vw\"\n\t\t\t\t\t\tstyle=\"object-position: 50% 50%;\"\t\t\tfetchpriority=\"high\"\n\t\t\/>\n\n\t\t\t\t\t<figcaption class=\"p-attribution\">\n\t\t\t\t\t\t\t\t\t<span class=\"p-attribution__caption\">\n\t\t\t\t\tPresident Donald Trump and his Cabinet say AI will transform the nation, making us more prosperous, efficient and secure. The messaging mirrors that of past administrations as they adopted emerging technology such as cloud computing.\n\t\t\t\t\t<\/span>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<span class=\"p-attribution__credit\">\n                        Kevin Dietsch\/Getty Images\n                    <\/span>\n\t\t\t\t\t\t\t<\/figcaption>\n\t\t\t<\/figure>\n\n\t\t<\/div>\n\t\t\n\t\n\t\n\t<div class=\"wp-block-group p-opener__topic-title-dek-wrapper is-layout-flow wp-block-group-is-layout-flow\">\n\t\t\n<p class=\"p-opener__series wp-block-propublica-primary-term\">\n\t\t\t<a href=\"https:\/\/www.propublica.org\/series\/zero-trust\" class=\"wp-block-propublica-primary-term__link p-opener__series-link\">\n\t\t\tZero Trust\t\t<\/a>\n\t\t<\/p>\n\n\n\t\t<h1 class=\"p-opener__hed  wp-block-post-title\">The Federal Government Is Rushing Toward AI. Our Reporting Offers Three Cautionary Tales.<\/h1>\n\n\t\t\t\t\t\n<h2 class=\"p-opener__dek wp-block-propublica-dek\">\n\tWe\u2019ve been reporting on cybersecurity for years. As President Donald Trump and his Cabinet say artificial intelligence will transform the nation, the messaging isn\u2019t new. It follows a familiar pattern.<\/h2>\n\n\t\t\t<\/div>\n\t\n<\/div>\n\n\n<div class=\"wp-block-group p-article-meta-1 p-article-meta-1--left is-layout-flow wp-block-group-is-layout-flow\">\n\t\t\t<div class=\"p-article-meta-1__byline wp-block-propublica-byline\">\n\t\t\t<div class=\"wp-block-propublica-byline__photos\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.propublica.org\/people\/renee-dudley\" aria-hidden=\"true\" tabindex=\"-1\" class=\"wp-block-propublica-byline__photo-link\">\n\t\t\t\t\t<img\n\t\t\t\t\t\tsrc=\"https:\/\/www.propublica.org\/wp-content\/uploads\/2019\/02\/renee-dudley.jpg?w=50\"\n\t\t\t\t\t\tsrcset=\"https:\/\/www.propublica.org\/wp-content\/uploads\/2019\/02\/renee-dudley.jpg?w=50 1x, https:\/\/www.propublica.org\/wp-content\/uploads\/2019\/02\/renee-dudley.jpg?w=100 2x\"\n\t\t\t\t\t\talt=\"\"\n\t\t\t\t\t\tclass=\"wp-block-propublica-byline__photo\"\n\t\t\t\t\t\twidth=\"50\"\n\t\t\t\t\t\theight=\"50\"\n\t\t\t\t\t\/>\n\t\t\t\t<\/a>\n\t\t\t\t\t<\/div>\n\t\t<div class=\"wp-block-propublica-byline__right\">\n\t\t<div class=\"wp-block-propublica-byline__content\">\n\t\t\t<span class=\"wp-block-propublica-byline-text\">by <\/span><span class=\"wp-block-propublica-byline-profile\"><a href=\"https:\/\/www.propublica.org\/people\/renee-dudley\">Renee Dudley<\/a><\/span>\t\t<\/div>\n\t\t\t<\/div>\n<\/div>\n\n\n\t\t<div class=\"p-article-meta-1__pubdate wp-block-post-date\"><time datetime=\"2026-04-06T05:00:00-04:00\">April 6, 2026, 5:00 am<\/time><\/div>\n\t\n\t\n\t<div class=\"wp-block-group p-article-meta-1__section-actions p-article-meta-1__section-actions--left is-layout-flow wp-block-group-is-layout-flow\">\n\t\t\n\t\t<div class=\"wp-block-group p-article-meta-1__section-actions-container is-nowrap is-layout-flex wp-container-core-group-is-layout-6c531013 wp-block-group-is-layout-flex\">\n\t\t\t<div class=\"wp-block-propublica-news-over-audio-listen-button\">\n\t\t\n\t\t<div class=\"wp-block-buttons is-layout-flex wp-container-core-buttons-is-layout-b7003702 wp-block-buttons-is-layout-flex\">\n\t\t\t\t\n\t\t<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link wp-element-button\" href=\"#news-over-audio-player\">\n\t\t\t<svg aria-hidden=\"true\" focusable=\"false\" width=\"20\" height=\"20\" class=\"icon\"><use href=\"#am-symbol-play\"><\/use><\/svg>\n\t\t\t<span class=\"wp-block-propublica-news-over-audio-listen-button__label\">Listen<\/span>\n\t\t\t<span class=\"wp-block-propublica-news-over-audio-listen-button__timestamp\">08:39<\/span>\n\t\t<\/a><\/div>\n\t\n\t\t<\/div>\n\t\t<div class=\"news-over-audio-player__super-wrapper\">\n\t\t<div class=\"news-over-audio-player__wrapper\">\n\t\t\t<div class=\"news-over-audio-player__loading-animation\">\n\t\t\t<svg aria-hidden=\"true\" focusable=\"false\" width=\"24\" height=\"24\" class=\"icon\"><use href=\"#am-symbol-loader\"><\/use><\/svg>\t\t\t<\/div>\n\t\t\t<iframe\n\t\t\t\tsrc=\"about:blank\"\n\t\t\t\tid=\"news-over-audio-player\"\n\t\t\t\twidth=\"292\"\n\t\t\t\theight=\"204\"\n\t\t\t\tscrolling=\"no\"\n\t\t\t\tframeborder=\"0\"\n\t\t\t\tclass=\"news-over-audio-player\"\n\t\t\t\treferrerpolicy=\"strict-origin-when-cross-origin\"\n\t\t\t\tdata-play-url=\"https:\/\/embed-player.newsoveraudio.com\/v6?key=U5u4k53XOI9fy337Nd4R3ueC6n5dz038&#038;id=https%3A%2F%2Fwww.propublica.org%2Farticle%2Ffederal-government-ai-cautionary-tales\"\n\t\t\t><\/iframe>\n\t\t<\/div>\n\t\t<div class=\"news-over-audio-player__close-button\" aria-label=\"Close\">\n\t\t<svg aria-hidden=\"true\" focusable=\"false\" width=\"24\" height=\"24\"><use href=\"#am-symbol-close\"><\/use><\/svg>\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n\t\t\t\n\n\t\t\t\n\n\t\t\t\n                <script type=\"application\/json\" class=\"svelte-config\">\n                    {\"componentName\":\"ShareToolsRebrand\",\"props\":{\"pageTitle\":\"The Federal Government Is Rushing Toward AI. Our Reporting Offers Three Cautionary Tales.\",\"pageUrl\":\"https:\/\/www.propublica.org\/article\/federal-government-ai-cautionary-tales\"},\"contextArray\":[]}\n                <\/script>\n                <div style=\"display: contents\">\n                    <!--[--><div class=\"share-tools\" data-pp-click=\"\" data-pp-location=\"share tools\"><!--[--><!--[--><!--$s1--><!--[0--><div class=\"svelte-1ear6bd button--circle\" style=\"display: contents; --button-bg-color: var(--p-dyn-color-white); --button-text-color: var(--p-dyn-color-gray-05); --button-border: 1px solid var(--p-dyn-color-gray-01); --button-font-size: var(--p-scale-4);\"><!--[--><!----><button data-button-root=\"true\" type=\"button\" tabindex=\"0\" id=\"bits-s1\" aria-haspopup=\"dialog\" aria-expanded=\"false\" data-state=\"closed\" data-popover-trigger=\"\" aria-label=\"Share\"><span aria-hidden=\"true\" style=\"display: contents\"><svg viewBox=\"0 0 24 24\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><g clip-path=\"url(#clip0_149_321)\"><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M4 11C4.55228 11 5 11.4477 5 12V20C5 20.2652 5.10536 20.5196 5.29289 20.7071C5.48043 20.8946 5.73478 21 6 21H18C18.2652 21 18.5196 20.8946 18.7071 20.7071C18.8946 20.5196 19 20.2652 19 20V12C19 11.4477 19.4477 11 20 11C20.5523 11 21 11.4477 21 12V20C21 20.7957 20.6839 21.5587 20.1213 22.1213C19.5587 22.6839 18.7957 23 18 23H6C5.20435 23 4.44129 22.6839 3.87868 22.1213C3.31607 21.5587 3 20.7956 3 20V12C3 11.4477 3.44772 11 4 11Z\" fill=\"currentColor\"><\/path><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M11.2929 1.29289C11.6834 0.902369 12.3166 0.902369 12.7071 1.29289L16.7071 5.29289C17.0976 5.68342 17.0976 6.31658 16.7071 6.70711C16.3166 7.09763 15.6834 7.09763 15.2929 6.70711L12 3.41421L8.70711 6.70711C8.31658 7.09763 7.68342 7.09763 7.29289 6.70711C6.90237 6.31658 6.90237 5.68342 7.29289 5.29289L11.2929 1.29289Z\" fill=\"currentColor\"><\/path><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M12 1C12.5523 1 13 1.44772 13 2V15C13 15.5523 12.5523 16 12 16C11.4477 16 11 15.5523 11 15V2C11 1.44772 11.4477 1 12 1Z\" fill=\"currentColor\"><\/path><\/g><defs><clipPath id=\"clip0_149_321\"><rect width=\"24\" height=\"24\" fill=\"white\"><\/rect><\/clipPath><\/defs><\/svg><!----><\/span><!----><!----><\/button><!----><!--]--><\/div><!----><!--]--><!----><!--]--> <!--[--><!--[-1--><!--]--><!--]--><!----><!----><!--]--><\/div><!--]-->\n                <\/div>\n            \n\n\t\t\t\n                <script type=\"application\/json\" class=\"svelte-config\">\n                    {\"componentName\":\"DarkModeToggleRebrand\",\"props\":{},\"contextArray\":[]}\n                <\/script>\n                <div style=\"display: contents\">\n                    <!--[--><div class=\"dark-mode-toggle svelte-1l6vey\"><div class=\"svelte-1ear6bd button--circle\" style=\"display: contents; --button-bg-color: var(--p-color-page-bg); --button-text-color: var(--p-dyn-color-gray-05); --button-border: 1px solid var(--p-dyn-color-gray-01); --button-font-size: var(--p-scale-4);\"><!--[--><!----><button data-button-root=\"true\" tabindex=\"-1\" aria-hidden=\"true\"><span aria-hidden=\"true\"><!--[-1--><svg role=\"img\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><title>Contrast<\/title><circle cx=\"12\" cy=\"12\" r=\"10\"><\/circle><path fill=\"currentColor\" d=\"M12 18a6 6 0 000-12v12z\"><\/path><\/svg><!--]--><\/span><!----><!----><\/button><!----><!--]--><\/div><!----> <label class=\"p-a11y\" for=\"dark-mode-toggle__select\">Change Appearance<\/label> <select class=\"dark-mode-toggle__select svelte-1l6vey\" id=\"dark-mode-toggle__select\" data-pp-change=\"true\" data-pp-category=\"change-mode\"><!--[--><option value=\"auto\" selected=\"\">Auto<\/option><option value=\"light\">Light<\/option><option value=\"dark\">Dark<\/option><!--]--><\/select><\/div><!--]-->\n                <\/div>\n            \n\t\t<\/div>\n\t\t\n\t<\/div>\n\t\n<\/div>\n\n<\/div>\n<\/header>\n\n\n\n<div class=\"wp-block-group article-body is-layout-flow wp-block-group-is-layout-flow\">\n\n<aside class=\"wp-block-group is-layout-flow wp-block-group-is-layout-flow\"><div class=\"wp-block-propublica-notes--top wp-block-propublica-notes\">\n\t<div class=\"wp-block-propublica-note\">\n\t\n\n<p>ProPublica is a nonprofit newsroom that investigates abuses of power. <a href=\"https:\/\/www.propublica.org\/newsletters\/dispatches?source=%25source%25\">Sign up for Dispatches<\/a>, a newsletter that spotlights wrongdoing around the country, to receive our stories in your inbox every week.<\/p>\n\n<\/div>\n<\/div>\n<\/aside>\n\n\n<div class=\"entry-content wp-block-post-content is-layout-flow wp-block-post-content-is-layout-flow\">\n<p>As a cybersecurity reporter at ProPublica, <a href=\"https:\/\/www.propublica.org\/series\/zero-trust\">much of my work<\/a> over the past two years has focused on how the federal government and its IT contractors, like Microsoft, have navigated major technological transitions. The one now in the news every day is artificial intelligence.&nbsp;<\/p>\n\n\n\n<p>This emerging technology has its grip on everyone: Home users, corporations and the federal government are all rushing to use it. President Donald Trump and his Cabinet say AI will transform the nation, making us more prosperous, efficient and secure \u2014 if only we can adopt it fast enough.&nbsp;<\/p>\n\n\n\n<p>But this messaging isn\u2019t new. President Barack Obama\u2019s administration used nearly identical language a decade and a half ago as the U.S. barreled into the technological revolution of cloud computing.<\/p>\n\n\n\n<p>I\u2019ve studied how the federal government has handled \u2014 and mishandled \u2014 this transition over the past two decades, and my reporting offers some cautionary tales and valuable lessons as policymakers encourage the use of AI and federal agencies adopt the technology.<\/p>\n\n\n\n<h3 class=\"wp-block-heading is-style-explanatory-hed is-style-explanatory-hed--1\" id=\"h-lesson-1-there-s-no-such-thing-as-a-free-lunch-nbsp\">Lesson 1: There\u2019s no such thing as a free lunch&nbsp;<\/h3>\n\n\n\n<p><strong>Then:<\/strong> In the early 2020s, a series of cyberattacks linked to Russia, China and Iran left the federal government reeling. The Biden administration called on major tech companies to help the U.S. bolster its defenses. In response, Microsoft CEO Satya Nadella <a href=\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/09\/23\/microsoft-expands-on-cybersecurity-commitments-for-u-s-government-agencies\/\">pledged to give the government<\/a> $150 million in technical services to help upgrade its digital security. It also offered a \u201cfree\u201d security upgrade for government customers.<\/p>\n\n\n\n<p><strong>Now:<\/strong> Last year, the Trump administration announced a raft of agreements with tech companies that were meant to help federal agencies \u201cpurchase enterprise AI tools <a href=\"https:\/\/www.gsa.gov\/technology\/government-it-initiatives\/artificial-intelligence\/buy-ai\">at government-friendly pricing<\/a>.\u201d Agencies could use OpenAI\u2019s ChatGPT for $1. Google\u2019s Gemini for 47 cents. Grok by xAI for 42 cents. The administration hoped that the low-cost pricing would make it \u201ceasier for federal teams to acquire powerful AI capabilities \u2026 to enhance mission delivery and operational efficiency.\u201d<\/p>\n<div class=\"p-hide-print p-bb--size-full wp-block-propublica-ad-slot\">\n\t<div id=\"bsa-zone_1760102005055-6_123456\"><\/div>\n<\/div>\n\n\n\n<p><strong>The takeaway:<\/strong> Be wary of freebies. <a href=\"https:\/\/www.propublica.org\/article\/microsoft-white-house-offer-cybersecurity-biden-nadella\">Our investigation into Microsoft\u2019s seemingly straightforward commitment<\/a> revealed a more complex, profit-driven agenda. After installing the upgrades, federal customers would be effectively locked in, because shifting to a competitor after the free trial would be cumbersome and costly. At that point, the customer would have little choice but to pay for the higher subscription fees. The plan worked: One former Microsoft salesperson told me \u201cit was successful beyond what any of us could have imagined.\u201d In response to questions about the commitment, Microsoft has said its \u201csole goal during this period was to support an urgent request by the Administration to enhance the security posture of federal agencies who were continuously being targeted by sophisticated nation-state threat actors.\u201d<\/p>\n\n\n\n<p>Agencies looking to buy AI tools at discounted rates today must consider how the costs might balloon down the road. The General Services Administration warns that AI \u201cusage costs can grow quickly without proper monitoring and management controls\u201d and advises agencies to \u201cset usage limits and regularly review consumption reports.\u201d<\/p>\n\n\n\n<h3 class=\"wp-block-heading is-style-explanatory-hed is-style-explanatory-hed--2\" id=\"h-lesson-2-oversight-programs-are-only-as-effective-as-their-resources\">Lesson 2: Oversight programs are only as effective as their resources<\/h3>\n\n\n\n<p><strong>Then:<\/strong> In the Obama era, the federal government shifted its sensitive information and computing needs to data centers owned and operated by private companies. Acknowledging the potential risks, the administration created the Federal Risk and Authorization Management Program, or FedRAMP, in 2011 to help ensure the security of the cloud computing services that it was encouraging U.S. agencies to use.<\/p>\n\n\n\n<p>But in <a href=\"https:\/\/www.propublica.org\/article\/microsoft-cloud-fedramp-cybersecurity-government\">my recent investigation of the program<\/a>, I found it was no match for Microsoft, which effectively wore down the FedRAMP team over five years as the company sought the program\u2019s seal of approval for a major cloud offering known as GCC High. Despite serious reservations about its cybersecurity, FedRAMP ultimately authorized the product, in part because it lacked the resources to keep going. In response to questions, Microsoft told me: \u201cWe stand by our products and the comprehensive steps we\u2019ve taken to ensure all FedRAMP-authorized products meet the security and compliance requirements necessary.\u201d<\/p>\n\n\n\n<p><strong>Now:<\/strong> Today, this tiny outpost within the General Services Administration has even fewer resources to oversee the cloud technology on which the government relies \u2014 including AI. FedRAMP says it now operates \u201cwith an absolute minimum of support staff\u201d and \u201climited customer service.\u201d The program was an early target of the Trump administration\u2019s Department of Government Efficiency.&nbsp;<\/p>\n\n\n\n<p><strong>The takeaway:<\/strong> FedRAMP, which a 2024 White House <a href=\"https:\/\/bidenwhitehouse.archives.gov\/omb\/management\/ofcio\/m-24-15-modernizing-the-federal-risk-and-authorization-management-program-fedramp\/\">memo<\/a> said &#8220;must be an expert program that can analyze and validate the security claims&#8221; of cloud providers, is now little more than a rubber stamp for the tech industry, former employees told me. As federal agencies adopt AI tools that draw upon reams of sensitive information, the implications of this downsizing for federal cybersecurity are far-reaching. A GSA spokesperson defended the program and said FedRAMP now \u201coperates with strengthened oversight and accountability mechanisms.\u201d<\/p>\n\n\n\n<h3 class=\"wp-block-heading is-style-explanatory-hed is-style-explanatory-hed--3\" id=\"h-lesson-3-independent-reviews-are-only-so-independent-nbsp-nbsp\">Lesson 3: \u201cIndependent\u201d reviews are only so independent&nbsp;&nbsp;<\/h3>\n\n\n\n<p><strong>Then:<\/strong> The government has long relied on so-called third-party assessors to verify the security claims made by cloud service providers like Microsoft and Google. In theory, these firms are supposed to be independent experts that offer a recommendation to FedRAMP on whether a product meets federal standards. But in practice, their independence has an asterisk: They are paid by the companies they are evaluating.<\/p>\n\n\n\n<p>My recent investigation found that this setup creates an inherent conflict of interest. In the case of Microsoft\u2019s GCC High, two assessors recommended the product despite being unable to fully vet it, according to a former FedRAMP reviewer. One of those firms did not respond to my questions and the other denied this account.<\/p>\n\n\n\n<div class=\"wp-block-propublica-lead-in bb--size-small-right p-bb--size-small-right\">\n<h3 class=\"wp-block-heading\" id=\"h-read-more\">Read More<\/h3>\n\n\n\n<p><\/p>\n\n\n<div class=\"wp-block-propublica-story-promo\">\n\t<a href=\"https:\/\/www.propublica.org\/article\/microsoft-cloud-fedramp-cybersecurity-government\" class=\"story-promo\">\n\t\t\t\t<div class=\"story-promo__art\">\n\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"459\" height=\"306\" src=\"https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg?w=459&amp;h=306&amp;crop=1\" class=\"attachment-propublica-story-promo size-propublica-story-promo wp-post-image\" alt=\"\" srcset=\"https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg 3000w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg?resize=300,200 300w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg?resize=768,512 768w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg?resize=1024,683 1024w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg?resize=1536,1024 1536w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg?resize=2048,1365 2048w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg?resize=863,575 863w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg?resize=422,281 422w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg?resize=552,368 552w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg?resize=558,372 558w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg?resize=527,351 527w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg?resize=752,501 752w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg?resize=1149,766 1149w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg?resize=459,306 459w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg?resize=2000,1333 2000w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg?resize=400,267 400w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg?resize=800,533 800w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg?resize=1200,800 1200w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/12\/20260225-Gordon-fed-ramp-tech-project-3x2_maxHeight_3000_maxWidth_3000.jpg?resize=1600,1067 1600w\" sizes=\"(max-width: 459px) 100vw, 459px\" js-autosizes=\"true\" \/>\t\t<\/div>\n\t\t\t\t<div class=\"story-promo__info\">\n\t\t\t<strong class=\"story-promo__hed\">Federal Cyber Experts Thought Microsoft\u2019s Cloud Was \u201ca Pile of Shit.\u201d They Approved It Anyway.<\/strong>\n\t\t<\/div>\n\t<\/a>\n<\/div>\n<\/div>\n\n\n\n<p>FedRAMP, we found, is well aware of how the financial arrangement between the cloud companies and their assessors can distort official findings about cybersecurity problems. The program even created a \u201cback channel\u201d to encourage assessors to share concerns they might not otherwise raise in their official reports for fear of angering their tech clients and losing business.<\/p>\n\n\n\n<p><strong>Now:<\/strong> With FedRAMP reduced to being a \u201cpaper pusher,\u201d as one former GSA official put it, these third-party assessment firms have taken on even more importance in the vetting process. In response to questions from ProPublica, the GSA said that FedRAMP\u2019s system \u201cdoes not create an inherent conflict of interest for professional auditors who meet ethical and contractual performance expectations.\u201d It did not respond to questions about the program\u2019s back channel.<\/p>\n\n\n\n<p><strong>The takeaway:<\/strong> The pendulum has essentially swung back to the pre-FedRAMP era, when each federal agency was individually responsible for vetting the products it used. The GSA told me that FedRAMP\u2019s job is \u201cto ensure agencies have sufficient information to make these risk decisions.\u201d The problem is that agencies often lack the staff and resources to do thorough reviews, which means the whole system is leaning on the claims of the cloud companies and the assessments of the third-party firms they pay to evaluate them.<\/p>\n<\/div>\n\n\n<aside class=\"wp-block-query is-layout-flow wp-block-query-is-layout-flow\">\n<h2 class=\"wp-block-heading screen-reader-text\">Corrections<\/h2>\n\n<\/aside>\n\n\n\n<aside class=\"wp-block-group is-layout-flow wp-block-group-is-layout-flow\">\n<\/aside>\n<\/div>\n\n\n\n<footer class=\"wp-block-group entry-footer is-layout-flow wp-block-group-is-layout-flow\">\n\n\n<div class=\"wp-block-group is-layout-flow wp-block-group-is-layout-flow\">\n\n<\/div>\n\n\n\n<div class=\"wp-block-group is-content-justification-right is-nowrap is-layout-flex wp-container-core-group-is-layout-95163ec0 wp-block-group-is-layout-flex\" style=\"border-top-color:var(--p-dyn-color-gray-01);border-top-width:1px;padding-top:var(--wp--preset--spacing--p-spacing-3)\"><div class=\"taxonomy-pp_topic hide-print wp-block-post-terms wp-container-content-9cfa9a5a\"><span class=\"wp-block-post-terms__prefix\">Filed under \u2014 <\/span><a href=\"https:\/\/www.propublica.org\/topics\/technology\" rel=\"tag\">Technology<\/a><\/div>\n\n<div class=\"wp-block-propublica-republish-link\" data-component=\"republish-link\">\n\t\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n\t<div class=\"wp-block-button is-style-outline is-style-outline--7\"><button type=\"button\" class=\"wp-block-button__link wp-element-button wp-block-propublica-republish-link__open-button\">Republish This Story<\/button><\/div>\n\t<\/div>\n\n\t<div\n\t\tclass=\"wp-block-propublica-republish-link__modal wp-block-propublica-republish-link__modal--hidden\"\n\t\trole=\"dialog\"\n\t\taria-modal=\"true\"\n\t\taria-hidden=\"true\"\n\t\taria-labelledby=\"propublica-republish-link-label5\"\n\t\taria-description=\"propublica-republish-link-description6\"\n\t>\n\t\t\n<div class=\"wp-block-propublica-republish-link__modal__header\">\n\t<button type=\"button\" class=\"wp-block-propublica-republish-link__close-button\" aria-label=\"Close\">\n\t\t<svg aria-hidden=\"true\" focusable=\"false\" width=\"24\" height=\"24\"><use href=\"#am-symbol-close\"><\/use><\/svg>\t<\/button>\n<\/div>\n\t\t<div class=\"wp-block-propublica-republish-link__modal__content\">\n\t\t\t\n<div class=\"wp-block-propublica-republish-link__modal__instructions\">\n\t<h2 class=\"wp-block-propublica-republish-link__modal-hed\" id=\"propublica-republish-link-label5\">Republish This Story for Free<\/h2>\n\n\t<p class=\"wp-block-propublica-republish-link__modal-license\" id=\"propublica-republish-link-description6\"><a rel=\"license\" href=\"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0\/\">Creative Commons License (CC BY-NC-ND 3.0)<\/a><\/p>\n\n\t<hr\/>\n\n\t<p>\n\t\tThank you for your interest in republishing this story. You are free to republish it so long as you do the following:\t<\/p>\n\n\t<ul>\n\t\t<li>\n\t\t\tYou have to credit <em>ProPublica and any co-reporting partners<\/em>. In the byline, we prefer &quot;Author Name, Publication(s).&quot; At the top of the text of your story, include a line that reads: &quot;This story was originally published by ProPublica.&quot; You must link the word &quot;ProPublica&quot; to the original URL of the story.\t\t<\/li>\n\n\t\t<li>\n\t\t\tIf you&#039;re republishing online, you must link to the URL of this story on propublica.org, include all of the links from our story, including our newsletter sign up language and link, and use our <a href=\"\/pixelping\">PixelPing tag<\/a>.\t\t<\/li>\n\n\t\t<li>\n\t\t\tIf you use canonical metadata, please use the ProPublica URL. For more information about canonical metadata, <a href=\"https:\/\/support.google.com\/webmasters\/answer\/139066?hl=en\">refer to this Google SEO link<\/a>.\t\t<\/li>\n\n\t\t<li>\n\t\t\tYou can&#039;t edit our material, except to reflect relative changes in time, location and editorial style. (For example, &quot;yesterday&quot; can be changed to &quot;last week,&quot; and &quot;Portland, Ore.&quot; to &quot;Portland&quot; or &quot;here.&quot;)\t\t<\/li>\n\n\t\t<li>\n\t\t\tYou cannot republish our photographs or illustrations without specific permission. Please contact <a href=\"\/cdn-cgi\/l\/email-protection#8ee3ebeae7effce7e9e6fafdcefefce1fefbece2e7edefa0e1fce9\"><span class=\"__cf_email__\" data-cfemail=\"147971707d75667d737c60675464667b646176787d77753a7b6673\">[email&#160;protected]<\/span><\/a>.\t\t<\/li>\n\n\t\t<li>\n\t\t\tIt&#039;s okay to put our stories on pages with ads, but not ads specifically sold against our stories. You can&#039;t state or imply that donations to your organization support ProPublica&#039;s work.\t\t<\/li>\n\n\t\t<li>\n\t\t\tYou can&#039;t sell our material separately or syndicate it. This includes publishing or syndicating our work on platforms or apps such as Apple News, Google News, etc.\t\t<\/li>\n\n\t\t<li>\n\t\t\tYou can&#039;t republish our material wholesale, or automatically; you need to select stories to be republished individually. (To inquire about syndication or licensing opportunities, contact <a href=\"\/cdn-cgi\/l\/email-protection#375b5e545259445e5950774745584742555b5e545619584550\"><span class=\"__cf_email__\" data-cfemail=\"98f4f1fbfdf6ebf1f6ffd8e8eaf7e8edfaf4f1fbf9b6f7eaff\">[email&#160;protected]<\/span><\/a>.)\t\t<\/li>\n\n\t\t<li>\n\t\t\tYou can&#039;t use our work to populate a website designed to improve rankings on search engines or solely to gain revenue from network-based advertisements.\t\t<\/li>\n\n\t\t<li>\n\t\t\tWe do not generally permit translation of our stories into another language.\n\t\t<\/li>\n\n\t\t<li>\n\t\t\tAny website our stories appear on must include a prominent and effective way to contact you.\t\t<\/li>\n\t<\/ul>\n<\/div>\n\n<div class=\"wp-block-propublica-republish-link__modal__copy\">\n\t<label>\n\t\t<span class=\"screen-reader-text\">HTML<\/span>\n\n\t\t<textarea readonly tabindex=\"-1\">\n<h1>The Federal Government Is Rushing Toward AI. Our Reporting Offers Three Cautionary Tales.<\/h1>\n<p>As a cybersecurity reporter at ProPublica, <a href=\"https:\/\/www.propublica.org\/series\/zero-trust\">much of my work<\/a> over the past two years has focused on how the federal government and its IT contractors, like Microsoft, have navigated major technological transitions. The one now in the news every day is artificial intelligence.&nbsp;<\/p>\n<p>This emerging technology has its grip on everyone: Home users, corporations and the federal government are all rushing to use it. President Donald Trump and his Cabinet say AI will transform the nation, making us more prosperous, efficient and secure \u2014 if only we can adopt it fast enough.&nbsp;<\/p>\n<p>But this messaging isn\u2019t new. President Barack Obama\u2019s administration used nearly identical language a decade and a half ago as the U.S. barreled into the technological revolution of cloud computing.<\/p>\n<p>I\u2019ve studied how the federal government has handled \u2014 and mishandled \u2014 this transition over the past two decades, and my reporting offers some cautionary tales and valuable lessons as policymakers encourage the use of AI and federal agencies adopt the technology.<\/p>\n<h3>Lesson 1: There\u2019s no such thing as a free lunch&nbsp;<\/h3>\n<p><strong>Then:<\/strong> In the early 2020s, a series of cyberattacks linked to Russia, China and Iran left the federal government reeling. The Biden administration called on major tech companies to help the U.S. bolster its defenses. In response, Microsoft CEO Satya Nadella <a href=\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/09\/23\/microsoft-expands-on-cybersecurity-commitments-for-u-s-government-agencies\/\">pledged to give the government<\/a> $150 million in technical services to help upgrade its digital security. It also offered a \u201cfree\u201d security upgrade for government customers.<\/p>\n<p><strong>Now:<\/strong> Last year, the Trump administration announced a raft of agreements with tech companies that were meant to help federal agencies \u201cpurchase enterprise AI tools <a href=\"https:\/\/www.gsa.gov\/technology\/government-it-initiatives\/artificial-intelligence\/buy-ai\">at government-friendly pricing<\/a>.\u201d Agencies could use OpenAI\u2019s ChatGPT for $1. Google\u2019s Gemini for 47 cents. Grok by xAI for 42 cents. The administration hoped that the low-cost pricing would make it \u201ceasier for federal teams to acquire powerful AI capabilities \u2026 to enhance mission delivery and operational efficiency.\u201d<\/p>\n<p><strong>The takeaway:<\/strong> Be wary of freebies. <a href=\"https:\/\/www.propublica.org\/article\/microsoft-white-house-offer-cybersecurity-biden-nadella\">Our investigation into Microsoft\u2019s seemingly straightforward commitment<\/a> revealed a more complex, profit-driven agenda. After installing the upgrades, federal customers would be effectively locked in, because shifting to a competitor after the free trial would be cumbersome and costly. At that point, the customer would have little choice but to pay for the higher subscription fees. The plan worked: One former Microsoft salesperson told me \u201cit was successful beyond what any of us could have imagined.\u201d In response to questions about the commitment, Microsoft has said its \u201csole goal during this period was to support an urgent request by the Administration to enhance the security posture of federal agencies who were continuously being targeted by sophisticated nation-state threat actors.\u201d<\/p>\n<p>Agencies looking to buy AI tools at discounted rates today must consider how the costs might balloon down the road. The General Services Administration warns that AI \u201cusage costs can grow quickly without proper monitoring and management controls\u201d and advises agencies to \u201cset usage limits and regularly review consumption reports.\u201d<\/p>\n<h3>Lesson 2: Oversight programs are only as effective as their resources<\/h3>\n<p><strong>Then:<\/strong> In the Obama era, the federal government shifted its sensitive information and computing needs to data centers owned and operated by private companies. Acknowledging the potential risks, the administration created the Federal Risk and Authorization Management Program, or FedRAMP, in 2011 to help ensure the security of the cloud computing services that it was encouraging U.S. agencies to use.<\/p>\n<p>But in <a href=\"https:\/\/www.propublica.org\/article\/microsoft-cloud-fedramp-cybersecurity-government\">my recent investigation of the program<\/a>, I found it was no match for Microsoft, which effectively wore down the FedRAMP team over five years as the company sought the program\u2019s seal of approval for a major cloud offering known as GCC High. Despite serious reservations about its cybersecurity, FedRAMP ultimately authorized the product, in part because it lacked the resources to keep going. In response to questions, Microsoft told me: \u201cWe stand by our products and the comprehensive steps we\u2019ve taken to ensure all FedRAMP-authorized products meet the security and compliance requirements necessary.\u201d<\/p>\n<p><strong>Now:<\/strong> Today, this tiny outpost within the General Services Administration has even fewer resources to oversee the cloud technology on which the government relies \u2014 including AI. FedRAMP says it now operates \u201cwith an absolute minimum of support staff\u201d and \u201climited customer service.\u201d The program was an early target of the Trump administration\u2019s Department of Government Efficiency.&nbsp;<\/p>\n<p><strong>The takeaway:<\/strong> FedRAMP, which a 2024 White House <a href=\"https:\/\/bidenwhitehouse.archives.gov\/omb\/management\/ofcio\/m-24-15-modernizing-the-federal-risk-and-authorization-management-program-fedramp\/\">memo<\/a> said &#8220;must be an expert program that can analyze and validate the security claims&#8221; of cloud providers, is now little more than a rubber stamp for the tech industry, former employees told me. As federal agencies adopt AI tools that draw upon reams of sensitive information, the implications of this downsizing for federal cybersecurity are far-reaching. A GSA spokesperson defended the program and said FedRAMP now \u201coperates with strengthened oversight and accountability mechanisms.\u201d<\/p>\n<h3>Lesson 3: \u201cIndependent\u201d reviews are only so independent&nbsp;&nbsp;<\/h3>\n<p><strong>Then:<\/strong> The government has long relied on so-called third-party assessors to verify the security claims made by cloud service providers like Microsoft and Google. In theory, these firms are supposed to be independent experts that offer a recommendation to FedRAMP on whether a product meets federal standards. But in practice, their independence has an asterisk: They are paid by the companies they are evaluating.<\/p>\n<p>My recent investigation found that this setup creates an inherent conflict of interest. In the case of Microsoft\u2019s GCC High, two assessors recommended the product despite being unable to fully vet it, according to a former FedRAMP reviewer. One of those firms did not respond to my questions and the other denied this account.<\/p>\n<p>FedRAMP, we found, is well aware of how the financial arrangement between the cloud companies and their assessors can distort official findings about cybersecurity problems. The program even created a \u201cback channel\u201d to encourage assessors to share concerns they might not otherwise raise in their official reports for fear of angering their tech clients and losing business.<\/p>\n<p><strong>Now:<\/strong> With FedRAMP reduced to being a \u201cpaper pusher,\u201d as one former GSA official put it, these third-party assessment firms have taken on even more importance in the vetting process. In response to questions from ProPublica, the GSA said that FedRAMP\u2019s system \u201cdoes not create an inherent conflict of interest for professional auditors who meet ethical and contractual performance expectations.\u201d It did not respond to questions about the program\u2019s back channel.<\/p>\n<p><strong>The takeaway:<\/strong> The pendulum has essentially swung back to the pre-FedRAMP era, when each federal agency was individually responsible for vetting the products it used. The GSA told me that FedRAMP\u2019s job is \u201cto ensure agencies have sufficient information to make these risk decisions.\u201d The problem is that agencies often lack the staff and resources to do thorough reviews, which means the whole system is leaning on the claims of the cloud companies and the assessments of the third-party firms they pay to evaluate them.<\/p>\n<link rel=\"canonical\" href=\"https:\/\/www.propublica.org\/article\/federal-government-ai-cautionary-tales\" \/>\n<meta name=\"syndication-source\" content=\"https:\/\/www.propublica.org\/article\/federal-government-ai-cautionary-tales\" \/>\n<script type=\"text\/javascript\" src=\"https:\/\/pixel.propublica.org\/pixel.js\" async><\/script>\n<\/textarea>\t<\/label>\n\n\t<button type=\"button\" class=\"wp-block-propublica-republish-link__copy-button\">Copy HTML<\/button>\n<\/div>\n\t\t<\/div>\n\t<\/div>\n<\/div>\n<\/div>\n\n\n<\/footer>\n<\/article>\n","protected":false},"excerpt":{"rendered":"President Donald Trump and his Cabinet say AI will transform the nation, making us more prosperous, efficient and secure. The messaging mirrors that of past administrations as they adopted emerging technology such as cloud computing. Kevin Dietsch\/Getty Images Zero Trust The Federal Government Is Rushing Toward AI. Our Reporting Offers Three Cautionary Tales. We\u2019ve been [&hellip;]","protected":false},"author":1,"featured_media":52,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15],"tags":[],"class_list":["post-19","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ciencia-tecnologia-e-inovacao"],"_links":{"self":[{"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/posts\/19","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/comments?post=19"}],"version-history":[{"count":3,"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/posts\/19\/revisions"}],"predecessor-version":[{"id":307,"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/posts\/19\/revisions\/307"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/media\/52"}],"wp:attachment":[{"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/media?parent=19"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/categories?post=19"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/tags?post=19"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}