
Yes, the government can deliver safe, secure AI to the public


COMMENTARY: Less than a week after xAI’s chatbot Grok made headlines for sharing a series of derogatory Nazi-like statements online, the Department of Defense announced a $200M contract with xAI for various national and state security purposes.

Anthropic, Google, and OpenAI also were awarded contracts.

Grok’s recent scandals highlight some of the risks of AI, and its owner’s new contract with the DoD raises bigger questions about AI and data security at the highest levels of the federal government.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts.]

This tension between innovation speed and responsible governance has come into sharp focus as President Trump this week unveiled his AI Action Plan, which prioritizes removing regulatory barriers to accelerate American AI leadership.

For AI to be used responsibly and efficiently by the government, agencies will have to implement stronger, AI-specific data security, governance, and ethical frameworks across the board.

Three forces driving responsible AI in government

Untrained or poorly governed AI can lead to biased outcomes, privacy breaches, and incidents that may trigger serious regulatory or legal consequences. It’s true in any environment, but in a public sector context, these risks are amplified, and the stakes of mismanagement are higher than those in the private sector because of the extremely sensitive nature of the data that the government manages. The federal government has a unique responsibility to protect its citizens. That’s why it also has a responsibility to implement responsible AI frameworks.

Here are the three areas that governments should focus on to implement safe, secure AI that better serves the public:

  • Training data transparency and security: If we don’t trust what goes into an AI model, we can’t trust what comes out. That’s why it’s critical for governments to closely monitor and safeguard the data that they use to train their AI. To avoid accidental disclosures of confidential information, agencies need to have secure, automated measures in place to keep the most sensitive information out of datasets that are used to train LLM-based AI tools. That way, they won’t face legal and political fallout if information is overshared. Similarly, agencies need systems in place to minimize the impact of old and irrelevant information on training datasets, while also ensuring that training data is free from biases that could corrupt outputs.
  • Robust ethical frameworks: As Grok reminded us recently, AI tools like chatbots need rigorous ethical guardrails to prevent dangerous, libelous, or offensive behavior. They also need human oversight to ensure that outputs align with societal values, regulatory expectations, and the public interest. Without these controls, even well-intentioned AI can produce outcomes that erode trust or cause real-world harm, especially when leveraged for high-stakes government functions. Agencies must also obtain explicit, informed consent before using citizen or employee data for AI training. They should also carefully document data provenance, ensure transparency in how information is used, and routinely audit data access and processing practices.
  • Strong data governance: According to researchers at Stanford, AI-related security incidents are up 56% year-over-year. That’s why agencies should enforce strict data access controls, employ strong encryption for data at rest and in transit, and implement protocols for secure data disposal. Regular audits, documentation of data provenance, and oversight by ethics committees further help prevent misuse or bias. These strategies safeguard sensitive information and foster public trust in AI-driven decision-making.

Realizing the potential of AI in government

In the age of AI, it’s imperative that governments develop and enforce strong ethical, security, and governance frameworks to ensure responsible AI use. These frameworks are much more than regulatory checkboxes: they’re essential guardrails that make it possible for AI to serve the public good without compromising security, privacy, and trust.

We shouldn’t view responsible AI as a barrier to progress, but rather as the only viable path to unlocking the full, positive potential of AI systems and tools in the public sector. By fostering a culture of accountability and transparency, agencies can ensure that AI is not just advanced, but also aligned with social values and protected against bias and misuse.

Ultimately, the promise of AI lies not only in its capacity for innovation and efficiency, but in our collective commitment to building systems that are trustworthy, auditable, and answerable to those they are meant to serve.  

Dana Simberkoff, chief risk, privacy and information security officer, AvePoint

Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
