CMMC Phase 1 went live on November 10, 2025. That means the DoD started writing CMMC assessment requirements directly into contracts. If you are a defense contractor and you have been using AI tools in your workflow without thinking about where your data goes, this is the moment that catches up with you.
This is not a theoretical compliance problem. It is happening right now. Program managers are pasting contract language into ChatGPT to clean up the wording. Engineers are dropping technical specs into Claude to get a faster explanation. Proposal writers are using commercial AI tools to draft sections of RFP responses. Every one of those actions is a potential CUI violation under the framework that is currently active.
Here is what you need to know — what is allowed, what will get you flagged, and what your documentation needs to say before a C3PAO walks in the door.
What CMMC Actually Says About AI
CMMC does not have a specific AI rule. What it has is a CUI rule — and that rule applies to every system that processes, stores, or transmits Controlled Unclassified Information, including AI tools.
The DoD's Level 2 scoping guide defines a "CUI Asset" as anything that processes, stores, or transmits CUI. When an employee pastes a paragraph from a CUI document into a commercial AI chatbot, that service is now processing CUI. Under DFARS 252.204-7012, any cloud service provider that processes, stores, or transmits CUI must meet FedRAMP Moderate authorization at minimum.
Most commercial AI tools do not meet that bar. ChatGPT has achieved FedRAMP 20x Low accreditation. Low is not sufficient. CUI requires Moderate or High. Claude, Gemini, Grammarly, GitHub Copilot, and Perplexity — none of them carry the FedRAMP authorization required for CUI handling in their standard commercial form.
If your employees are using any of these tools with CUI, your organization is relying on cloud services that do not meet the authorization requirements your CMMC assessment is built around.
There is also a newer layer on top of this. The FY2026 National Defense Authorization Act, signed in December 2025, includes Section 1513 — "Physical and Cybersecurity Procurement Requirements for Artificial Intelligence Systems." It directs the DoD to build a cybersecurity framework specifically for AI and machine learning systems as an extension of CMMC. The framework is not finalized yet, but Congress expects DoD's plan by June 2026. The direction is clear: AI-specific compliance requirements are coming, and they will bolt directly onto the CMMC structure you are already working within.
The Three Tools That Are Actually Authorized for CUI
Right now, in May 2026, there are three commercially available AI paths that meet the FedRAMP authorization threshold for CUI environments:
| Tool | Environment | Authorization Level | Notes |
|---|---|---|---|
| Microsoft 365 Copilot | GCC High | FedRAMP High | Reached general availability December 2025. Most straightforward path for contractors already in GCC High. |
| Azure OpenAI Service | Azure Government | FedRAMP High | More technical lift to deploy. Requires proper configuration — moving to Azure Government does not auto-certify anything. |
| AWS Bedrock | AWS GovCloud | FedRAMP High | Available but requires significant infrastructure investment. AI capabilities more limited than commercial AWS. |
Everything else that is commercially popular — standard ChatGPT, Claude.ai, Gemini, commercial Copilot, GitHub Copilot in commercial environments — falls outside the FedRAMP boundary for CUI.
On-premise AI deployments eliminate the cloud authorization question entirely, but they require real infrastructure investment and still need to be documented in your System Security Plan.
What You Can Use Without a CUI Problem
Not every AI use case involves CUI. There is a large category of work where commercial AI tools are completely fine — and contractors are leaving productivity on the table by avoiding them entirely out of compliance anxiety.
Public information research. Using AI to synthesize publicly available information — industry trends, competitive intelligence, technical research — carries no CUI risk. This is one of the safest and most valuable AI applications for any contractor.
Code generation for unclassified systems. AI coding assistants can improve developer productivity without CUI exposure when working on unclassified, non-CUI systems, generating boilerplate or algorithmic code, and reviewing code structure and logic. The line is clear: never input proprietary algorithms, classified designs, or CUI-related system architectures.
Internal process automation for non-CUI workflows. AI-powered workflow automation for non-CUI business processes — expense reporting, scheduling, general HR inquiries — can operate outside your assessment boundary.
Training and education. Using AI for employee training, onboarding, and general professional development creates no compliance issues as long as training materials do not contain CUI.
The rule is simple: if the information you are feeding into the tool is not CUI, you are not in the danger zone. The problem is that most employees do not have a clear mental model of what CUI actually is — which is why the documentation and training piece matters as much as the tool selection.
What Will Get You Flagged
These are the specific behaviors that create immediate compliance exposure. Not theoretical risk — actual findings that C3PAOs are documenting right now.
Pasting CUI into commercial AI tools. A PM pastes a contract paragraph into ChatGPT to clean up the language. An engineer drops a technical specification into Claude for a faster explanation. A proposal writer uses commercial AI to draft a section of an RFP response that contains program-specific requirements. Every one of these is a CUI flow finding. One instance creates a CUI spillage that requires incident response under DFARS 252.204-7012.
Using free or personal AI accounts for work. Personal accounts lack organizational controls, audit trails, and data governance capabilities. Even for non-CUI work, these create policy violations that assessors will surface.
AI tools in scope that are not in your SSP. If your organization deploys an AI tool that manages or monitors in-scope assets — an AI-powered SIEM, an AI-based EDR platform, an AI-powered patch management system — that tool is an in-scope security asset with CMMC assessment implications. If it is not in your System Security Plan, you have a documentation gap that will generate findings.
Assuming GCC High auto-certifies your AI use. Moving to GCC High is foundational infrastructure. It is not a compliance checkbox. You still have to design enclaves, enforce access controls, log activity, protect endpoints, and document how controls are met. "We're in GCC High" is not an answer that satisfies a C3PAO.
AI-generated documents that do not match your actual environment. AI tools are widely used to draft SSP content. The risk is that AI-generated content looks authoritative but may describe controls that do not match your actual technical environment. When an assessor compares documentation to the technical environment, the mismatch generates findings. AI-assisted drafting is useful for structure and completeness checks. Every implementation description still needs to be verified against the actual environment before it goes into a compliance artifact.
What You Have to Document
This is the part most contractors skip. The tool selection is the easy part. The documentation is what determines whether you pass an assessment.
System Security Plan (SSP) updates. Every AI tool within your assessment boundary must be documented in the SSP. This includes its role, data flows, and security posture. If you are using a FedRAMP-authorized AI service like Microsoft Copilot in GCC High, that relationship needs to be documented along with the provider's service description and shared responsibility matrix. If you are using no AI tools with CUI, document that too — because the assessor will ask.
AI Acceptable Use Policy. This is not optional. You need a formal policy that defines which AI tools are authorized, what categories of information cannot be input into any AI tool, the approval process for adding new AI tools, and what happens when someone violates the policy. Written policies are not enough on their own — C3PAOs want to see technical controls (DNS filtering, Data Loss Prevention rules, CASB monitoring) that prevent CUI from reaching non-compliant services.
Asset inventory updates. Any AI tool that touches CUI belongs in your asset inventory. Any AI tool that provides security functions for in-scope systems belongs in your asset inventory. If it is not in the inventory, it does not exist from an assessment standpoint.
Risk assessment documentation. Include AI systems in your risk assessment process. Document risks, mitigations, and ongoing monitoring. This is especially relevant for AI-powered security tools where the AI itself is part of your security posture.
Annual affirmation support. CMMC Level 2 requires annual affirmations confirming no changes have compromised compliance. If you added AI tools during the year, you need documentation showing how those implementations maintain your security posture.
The Documentation Checklist
Before a C3PAO walks in, your AI documentation needs to answer every one of these questions:
| Question | Document |
|---|---|
| What AI tools does your organization use? | Asset inventory |
| Which AI tools can process CUI? | SSP, data flow diagrams |
| Are CUI-touching AI tools FedRAMP Moderate/High authorized? | SSP, vendor documentation |
| What technical controls prevent CUI from reaching non-compliant AI tools? | SSP, network diagrams, DLP configuration |
| What is your AI acceptable use policy? | AUP document |
| How are employees trained on AI tool restrictions? | Training records |
| How do you monitor AI tool usage? | SIEM/logging configuration |
| What is your incident response plan if CUI is exposed through AI? | IR plan |
If you cannot answer any of these with a document you can hand to an assessor, you have a gap.
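The technical-control point above (DLP or CASB style egress filtering that stops CUI reaching non-compliant services) and the "how do you monitor AI tool usage" row of the checklist both come down to the same rule: classify the destination, look for CUI markings in what is being sent, and record a finding. The following Python sketch is an added example, not code from the post or from any vendor. It assumes a constructed proxy log format, placeholder host suffixes standing in for the Azure Government and GovCloud endpoints of two of the three authorized paths, and a marking regex that only covers the CUI banner forms "CUI" and "CONTROLLED" with an optional category string such as "CUI//SP-CTI"; a production DLP rule would need the organization's own marking conventions and full endpoint list.

```python
"""Egress check for AI-tool traffic against a CUI allowlist.

Added example, not from the post. Assumptions (not on the page): the log
format is constructed; the authorized host suffixes are placeholder forms
for two of the FedRAMP High paths the post lists; the marking regex covers
only the banner forms "CUI" and "CONTROLLED" plus an optional
category/dissemination string such as "CUI//SP-CTI".
"""
import re
from collections import Counter
from dataclasses import dataclass

# Host suffixes the organization has approved for CUI (assumed placeholder values).
AUTHORIZED_AI_SUFFIXES = (
    "openai.azure.us",                              # Azure OpenAI, Azure Government (assumed form)
    "bedrock-runtime.us-gov-west-1.amazonaws.com",  # AWS Bedrock, GovCloud (assumed form)
)
# Commercial AI endpoints the post places outside the CUI boundary.
COMMERCIAL_AI_SUFFIXES = ("chatgpt.com", "claude.ai", "gemini.google.com")

# CUI banner/portion markings: "CUI", "(CUI)", "CUI//SP-CTI", "CONTROLLED".
CUI_MARKING = re.compile(r"\b(?:CUI|CONTROLLED)(?://[A-Z0-9\-/]+)?\b")

# Constructed proxy log format: ts user host method path body="<request text>"
LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\S+) body="(.*)"$')


@dataclass
class Finding:
    user: str
    host: str
    verdict: str  # ALLOW | BLOCK_CUI_TO_COMMERCIAL_AI | REVIEW_COMMERCIAL_AI
    reason: str


def host_matches(host: str, suffixes) -> bool:
    """True if host equals a suffix or is a subdomain of it (never a substring match)."""
    host = host.lower().rstrip(".")
    for s in suffixes:
        s = s.lower().lstrip(".")
        if host == s or host.endswith("." + s):
            return True
    return False


def evaluate(user: str, host: str, body: str) -> Finding:
    """Apply the post's CUI flow rule to a single request."""
    marked = CUI_MARKING.search(body) is not None
    if host_matches(host, AUTHORIZED_AI_SUFFIXES):
        note = " (CUI marking present)" if marked else ""
        return Finding(user, host, "ALLOW", "authorized endpoint" + note)
    if host_matches(host, COMMERCIAL_AI_SUFFIXES):
        if marked:
            # The finding the post describes: CUI reaching a non-FedRAMP service.
            return Finding(user, host, "BLOCK_CUI_TO_COMMERCIAL_AI",
                           "CUI marking sent to unauthorized AI service")
        return Finding(user, host, "REVIEW_COMMERCIAL_AI",
                       "commercial AI use; check against acceptable use policy")
    return Finding(user, host, "ALLOW", "not an AI endpoint")


def assess_logs(lines):
    """Parse each log line and return one Finding per well-formed line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a real pipeline would count and alert on these
        _ts, user, host, _method, _path, body = m.groups()
        findings.append(evaluate(user, host, body))
    return findings


def summarize(findings) -> dict:
    """Verdict counts, suitable for a monitoring dashboard or assessment evidence."""
    return dict(Counter(f.verdict for f in findings))


SAMPLE_LOGS = [  # constructed sample lines, not real traffic
    '2026-05-04T09:12:01Z jdoe chatgpt.com POST /chat body="CUI//SP-CTI Revised spec para 3.2: rewrite for clarity"',
    '2026-05-04T09:15:22Z asmith claude.ai POST /chat body="Summarize public trends in additive manufacturing"',
    '2026-05-04T09:20:05Z bkim example-gov.openai.azure.us POST /openai/chat body="CUI Draft SSP narrative for access control"',
    '2026-05-04T09:25:40Z jdoe www.example.com GET /news body=""',
]

if __name__ == "__main__":
    for f in assess_logs(SAMPLE_LOGS):
        print(f"{f.verdict:28} {f.user:8} {f.host:32} {f.reason}")
    print(summarize(assess_logs(SAMPLE_LOGS)))
```

The block's second verdict, REVIEW_COMMERCIAL_AI, exists because the post treats commercial AI use as a policy question even when no CUI is involved; the first verdict is the one that maps to a CUI flow finding and should feed your incident response process rather than just a log.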
What Is Coming Next
Section 1513 of the FY2026 NDAA directs the DoD to build a formal AI cybersecurity framework as an extension of CMMC. Congress expects DoD's plan by June 2026. The framework will address six risk categories: workforce and insider threats, AI-specific vulnerabilities, supply chain risks, adversarial tampering, data theft, and security monitoring of deployed AI systems.
The framework is not finalized. But the direction is clear. If you develop, deploy, store, or host AI or machine learning systems for DoD — including source code, model weights, training data, and algorithms — you will be a covered entity under this framework. The requirements will scale with how sensitive the AI system is to national security.
The contractors who are documenting their AI usage now, building compliant environments, and establishing governance frameworks are the ones who will absorb the new requirements without a scramble. The contractors who are waiting are building a compliance debt that gets harder to pay the longer they wait.
CMMC Phase 2 begins November 10, 2026. That is when C3PAO assessments become required for Level 2 contracts. You have roughly five months. The AI documentation piece is not the hardest part of CMMC — but it is the part most contractors are ignoring right now, and it is the part that will show up as a finding.
The Bottom Line
Using AI as a defense contractor is not a compliance problem. Using AI without understanding where your data goes is.
The rule is simple: if the tool touches CUI, it needs to be FedRAMP Moderate or High authorized, documented in your SSP, covered by your acceptable use policy, and monitored. If it does not touch CUI, document that boundary and enforce it technically — not just in writing.
The tools that are authorized right now are Microsoft 365 Copilot in GCC High, Azure OpenAI in Azure Government, and AWS Bedrock in GovCloud. Everything else stays outside the CUI boundary.
Get the documentation right before November. The assessors are going to ask about AI. Be the contractor who already has the answer.
Sign up for Edge of Intel.