[{"data":1,"prerenderedAt":489},["ShallowReactive",2],{"/en-us/the-source/authors/bob-stevens/":3,"footer-en-us":33,"the-source-navigation-en-us":341,"the-source-newsletter-en-us":368,"bob-stevens-articles-list-authors-en-us":380,"bob-stevens-articles-list-en-us":411,"bob-stevens-page-categories-en-us":488},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"config":8,"seo":10,"content":12,"type":25,"slug":26,"_id":27,"_type":28,"title":11,"_source":29,"_file":30,"_stem":31,"_extension":32},"/en-us/the-source/authors/bob-stevens","authors",false,"",{"layout":9},"the-source",{"title":11},"Bob Stevens",[13,23],{"componentName":14,"type":14,"componentContent":15},"TheSourceAuthorHero",{"config":16,"name":11,"role":19,"headshot":20},{"gitlabHandle":17,"linkedInProfileUrl":18},"bstevens1","https://www.linkedin.com/in/bob-stevens-1237564/","Public Sector Area Vice President, GitLab",{"altText":11,"config":21},{"src":22},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1752687939/mv3lhtimdzr8jmfqmbk1.jpg",{"componentName":24,"type":24},"TheSourceArticlesList","author","bob-stevens","content:en-us:the-source:authors:bob-stevens.yml","yaml","content","en-us/the-source/authors/bob-stevens.yml","en-us/the-source/authors/bob-stevens","yml",{"_path":34,"_dir":35,"_draft":6,"_partial":6,"_locale":7,"data":36,"_id":337,"_type":28,"title":338,"_source":29,"_file":339,"_stem":340,"_extension":32},"/shared/en-us/main-footer","en-us",{"text":37,"source":38,"edit":44,"contribute":49,"config":54,"items":59,"minimal":329},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":39,"config":40},"View page source",{"href":41,"dataGaName":42,"dataGaLocation":43},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":45,"config":46},"Edit this page",{"href":47,"dataGaName":48,"dataGaLocation":43},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":50,"config":51},"Please contribute",{"href":52,"dataGaName":53,"dataGaLocation":43},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":55,"facebook":56,"youtube":57,"linkedin":58},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[60,87,160,228,290],{"title":61,"links":62,"subMenu":68},"Platform",[63],{"text":64,"config":65},"DevSecOps platform",{"href":66,"dataGaName":67,"dataGaLocation":43},"/platform/","devsecops platform",[69],{"title":70,"links":71},"Pricing",[72,77,82],{"text":73,"config":74},"View plans",{"href":75,"dataGaName":76,"dataGaLocation":43},"/pricing/","view plans",{"text":78,"config":79},"Why Premium?",{"href":80,"dataGaName":81,"dataGaLocation":43},"/pricing/premium/","why premium",{"text":83,"config":84},"Why Ultimate?",{"href":85,"dataGaName":86,"dataGaLocation":43},"/pricing/ultimate/","why ultimate",{"title":88,"links":89},"Solutions",[90,95,100,105,110,115,120,125,130,135,140,145,150,155],{"text":91,"config":92},"Digital transformation",{"href":93,"dataGaName":94,"dataGaLocation":43},"/topics/digital-transformation/","digital transformation",{"text":96,"config":97},"Security & Compliance",{"href":98,"dataGaName":99,"dataGaLocation":43},"/solutions/security-compliance/","security & compliance",{"text":101,"config":102},"Automated software delivery",{"href":103,"dataGaName":104,"dataGaLocation":43},"/solutions/delivery-automation/","automated software delivery",{"text":106,"config":107},"Agile development",{"href":108,"dataGaName":109,"dataGaLocation":43},"/solutions/agile-delivery/","agile delivery",{"text":111,"config":112},"Cloud transformation",{"href":113,"dataGaName":114,"dataGaLocation":43},"/topics/cloud-native/","cloud transformation",{"text":116,"config":117},"SCM",{"href":118,"dataGaName":119,"dataGaLocation":43},"/solutions/source-code-management/","source code management",{"text":121,"config":122},"CI/CD",{"href":123,"dataGaName":124,"dataGaLocation":43},"/solutions/continuous-integration/","continuous integration & delivery",{"text":126,"config":127},"Value stream management",{"href":128,"dataGaName":129,"dataGaLocation":43},"/solutions/value-stream-management/","value stream management",{"text":131,"config":132},"GitOps",{"href":133,"dataGaName":134,"dataGaLocation":43},"/solutions/gitops/","gitops",{"text":136,"config":137},"Enterprise",{"href":138,"dataGaName":139,"dataGaLocation":43},"/enterprise/","enterprise",{"text":141,"config":142},"Small business",{"href":143,"dataGaName":144,"dataGaLocation":43},"/small-business/","small business",{"text":146,"config":147},"Public sector",{"href":148,"dataGaName":149,"dataGaLocation":43},"/solutions/public-sector/","public sector",{"text":151,"config":152},"Education",{"href":153,"dataGaName":154,"dataGaLocation":43},"/solutions/education/","education",{"text":156,"config":157},"Financial services",{"href":158,"dataGaName":159,"dataGaLocation":43},"/solutions/finance/","financial services",{"title":161,"links":162},"Resources",[163,168,173,178,183,188,193,198,203,208,213,218,223],{"text":164,"config":165},"Install",{"href":166,"dataGaName":167,"dataGaLocation":43},"/install/","install",{"text":169,"config":170},"Quick start guides",{"href":171,"dataGaName":172,"dataGaLocation":43},"/get-started/","quick setup checklists",{"text":174,"config":175},"Learn",{"href":176,"dataGaName":177,"dataGaLocation":43},"https://university.gitlab.com/","learn",{"text":179,"config":180},"Product documentation",{"href":181,"dataGaName":182,"dataGaLocation":43},"https://docs.gitlab.com/","docs",{"text":184,"config":185},"Blog",{"href":186,"dataGaName":187,"dataGaLocation":43},"/blog/","blog",{"text":189,"config":190},"Customer success stories",{"href":191,"dataGaName":192,"dataGaLocation":43},"/customers/","customer success stories",{"text":194,"config":195},"Remote",{"href":196,"dataGaName":197,"dataGaLocation":43},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":199,"config":200},"GitLab Services",{"href":201,"dataGaName":202,"dataGaLocation":43},"/services/","services",{"text":204,"config":205},"TeamOps",{"href":206,"dataGaName":207,"dataGaLocation":43},"/teamops/","teamops",{"text":209,"config":210},"Community",{"href":211,"dataGaName":212,"dataGaLocation":43},"/community/","community",{"text":214,"config":215},"Forum",{"href":216,"dataGaName":217,"dataGaLocation":43},"https://forum.gitlab.com/","forum",{"text":219,"config":220},"Events",{"href":221,"dataGaName":222,"dataGaLocation":43},"/events/","events",{"text":224,"config":225},"Partners",{"href":226,"dataGaName":227,"dataGaLocation":43},"/partners/","partners",{"title":229,"links":230},"Company",[231,236,241,246,251,256,261,265,270,275,280,285],{"text":232,"config":233},"About",{"href":234,"dataGaName":235,"dataGaLocation":43},"/company/","company",{"text":237,"config":238},"Jobs",{"href":239,"dataGaName":240,"dataGaLocation":43},"/jobs/","jobs",{"text":242,"config":243},"Leadership",{"href":244,"dataGaName":245,"dataGaLocation":43},"/company/team/e-group/","leadership",{"text":247,"config":248},"Team",{"href":249,"dataGaName":250,"dataGaLocation":43},"/company/team/","team",{"text":252,"config":253},"Handbook",{"href":254,"dataGaName":255,"dataGaLocation":43},"https://handbook.gitlab.com/","handbook",{"text":257,"config":258},"Investor relations",{"href":259,"dataGaName":260,"dataGaLocation":43},"https://ir.gitlab.com/","investor relations",{"text":262,"config":263},"Sustainability",{"href":264,"dataGaName":262,"dataGaLocation":43},"/sustainability/",{"text":266,"config":267},"Diversity, inclusion and belonging (DIB)",{"href":268,"dataGaName":269,"dataGaLocation":43},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":271,"config":272},"Trust Center",{"href":273,"dataGaName":274,"dataGaLocation":43},"/security/","trust center",{"text":276,"config":277},"Newsletter",{"href":278,"dataGaName":279,"dataGaLocation":43},"/company/contact/","newsletter",{"text":281,"config":282},"Press",{"href":283,"dataGaName":284,"dataGaLocation":43},"/press/","press",{"text":286,"config":287},"Modern Slavery Transparency Statement",{"href":288,"dataGaName":289,"dataGaLocation":43},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"title":291,"links":292},"Contact Us",[293,298,303,308,313,318,323],{"text":294,"config":295},"Contact an expert",{"href":296,"dataGaName":297,"dataGaLocation":43},"/sales/","sales",{"text":299,"config":300},"Get help",{"href":301,"dataGaName":302,"dataGaLocation":43},"/support/","get help",{"text":304,"config":305},"Customer portal",{"href":306,"dataGaName":307,"dataGaLocation":43},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"text":309,"config":310},"Status",{"href":311,"dataGaName":312,"dataGaLocation":43},"https://status.gitlab.com/","status",{"text":314,"config":315},"Terms of use",{"href":316,"dataGaName":317,"dataGaLocation":43},"/terms/","terms of use",{"text":319,"config":320},"Privacy statement",{"href":321,"dataGaName":322,"dataGaLocation":43},"/privacy/","privacy statement",{"text":324,"config":325},"Cookie preferences",{"dataGaName":326,"dataGaLocation":43,"id":327,"isOneTrustButton":328},"cookie preferences","ot-sdk-btn",true,{"items":330},[331,333,335],{"text":314,"config":332},{"href":316,"dataGaName":317,"dataGaLocation":43},{"text":319,"config":334},{"href":321,"dataGaName":322,"dataGaLocation":43},{"text":324,"config":336},{"dataGaName":326,"dataGaLocation":43,"id":327,"isOneTrustButton":328},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",{"_path":342,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"logo":343,"subscribeLink":348,"navItems":352,"_id":364,"_type":28,"title":365,"_source":29,"_file":366,"_stem":367,"_extension":32},"/shared/en-us/the-source/navigation",{"altText":344,"config":345},"the source logo",{"src":346,"href":347},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750191004/t7wz1klfb2kxkezksv9t.svg","/the-source/",{"text":349,"config":350},"Subscribe",{"href":351},"#subscribe",[353,357,360],{"text":354,"config":355},"Artificial Intelligence",{"href":356},"/the-source/ai/",{"text":96,"config":358},{"href":359},"/the-source/security/",{"text":361,"config":362},"Platform & Infrastructure",{"href":363},"/the-source/platform/","content:shared:en-us:the-source:navigation.yml","Navigation","shared/en-us/the-source/navigation.yml","shared/en-us/the-source/navigation",{"_path":369,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"title":370,"description":371,"submitMessage":372,"formData":373,"_id":377,"_type":28,"_source":29,"_file":378,"_stem":379,"_extension":32},"/shared/en-us/the-source/newsletter","The Source Newsletter","Stay updated with insights for the future of software development.","You have successfully signed up for The Source’s newsletter.",{"config":374},{"formId":375,"formName":376,"hideRequiredLabel":328},1077,"thesourcenewsletter","content:shared:en-us:the-source:newsletter.yml","shared/en-us/the-source/newsletter.yml","shared/en-us/the-source/newsletter",{"amanda-rueda":381,"andre-michael-braun":382,"andrew-haschka":383,"ayoub-fandi":384,"bob-stevens":11,"brian-wald":385,"bryan-ross":386,"chandler-gibbons":387,"dave-steer":388,"ddesanto":389,"derek-debellis":390,"emilio-salvador":391,"erika-feldman":392,"george-kichukov":393,"gitlab":394,"grant-hickman":395,"haim-snir":396,"iganbaruch":397,"jlongo":398,"joel-krooswyk":399,"josh-lemos":400,"julie-griffin":401,"kristina-weis":402,"lee-faus":403,"ncregan":404,"rschulman":405,"sabrina-farmer":406,"sandra-gittlen":407,"sharon-gaudin":408,"stephen-walters":409,"taylor-mccaslin":410},"Amanda Rueda","Andre Michael Braun","Andrew Haschka","Ayoub Fandi","Brian Wald","Bryan Ross","Chandler Gibbons","Dave Steer","David DeSanto","Derek DeBellis","Emilio Salvador","Erika Feldman","George Kichukov","GitLab","Grant Hickman","Haim Snir","Itzik Gan Baruch","Joseph Longo","Joel Krooswyk","Josh Lemos","Julie Griffin","Kristina Weis","Lee Faus","Niall Cregan","Robin Schulman","Sabrina Farmer","Sandra Gittlen","Sharon Gaudin","Stephen Walters","Taylor McCaslin",{"allArticles":412,"visibleArticles":487,"showAllBtn":328},[413,451],{"_path":414,"_dir":415,"_draft":6,"_partial":6,"_locale":7,"slug":416,"type":417,"category":415,"config":418,"seo":422,"content":427,"_id":448,"_type":28,"title":424,"_source":29,"_file":449,"_stem":450,"_extension":32,"description":425,"date":428,"timeToRead":429,"heroImage":426,"keyTakeaways":430,"articleBody":434,"faq":435},"/en-us/the-source/ai/how-ai-can-fix-governments-legacy-code-problem","ai","how-ai-can-fix-governments-legacy-code-problem","article",{"layout":9,"template":419,"featured":6,"articleType":420,"author":26,"gatedAsset":421,"isHighlighted":6,"authorName":11},"TheSourceArticle","Regular","source-lp-ai-powered-efficiency-modernizing-government-in-2025",{"config":423,"title":424,"ogTitle":424,"description":425,"ogDescription":425,"ogImage":426},{"noIndex":6},"How AI can fix government’s legacy code problem","Discover how AI-powered modernization tools can transform government's expensive legacy COBOL systems into secure, efficient infrastructure in months.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1753720940/display-the-source-how-ai-can-solve-the-federal-legacy-code-crisis-article-image-0818-1800x945-fy26_yrmbw4.png",{"title":424,"description":425,"date":428,"timeToRead":429,"heroImage":426,"keyTakeaways":430,"articleBody":434,"faq":435},"2025-07-29","5 min read",[431,432,433],"Federal agencies spend hundreds of millions of dollars annually maintaining legacy systems, creating security risks and operational inefficiencies.","AI-powered refactoring tools can modernize legacy government code in months instead of years, translating outdated code into secure, compliant modern applications.","Modern AI-native DevSecOps platforms prevent future technical debt by building security and compliance into new code from day one, breaking the expensive maintenance cycle.","NASA uses AI to guide rovers on Mars, but federal agencies still run key operations on COBOL, a programming language older than the moon landing. \n\nCritical U.S. agencies like the Department of Health and Human Services, Social Security Administration, and Centers for Medicare and Medicaid Services depend on systems built with COBOL and other legacy languages. However, fewer and fewer programmers know how to work with this outdated code. \n\nThat means each year brings higher chances of major system breakdowns that could stop benefit payments, expose private citizen data, or create processing delays affecting millions of citizens.\n\nHowever, because modernizing legacy code can be such a daunting process, many agencies have delayed major upgrade projects, choosing instead to patch problems as they appear. This strategy has created technical debt that grows exponentially over time.\n\nWith mounting pressure to improve efficiency, the public sector has a chance to use AI for a critical purpose: system modernization. Agencies can use AI to expedite the [modernization of legacy applications](https://about.gitlab.com/the-source/security/why-legacy-code-is-a-security-risk-and-how-ai-can-help/) with memory-safe code, which was once a slow and challenging process.\n\nThe time to start modernization projects is now. AI-powered tools can turn what once took years into a faster path for agencies to eliminate their dependence on COBOL and other outdated languages.\n## Understanding code refactoring basics\nMoving away from COBOL begins with code refactoring — a method that enhances the design and stability of existing code, enabling the secure modernization of legacy code without altering its functionality.\n\nTraditional refactoring methods include inline refactoring, which restructures outdated elements of code, and abstraction, which eliminates repeated code. However, these methods require a significant amount of time, skilled developers who understand legacy languages, and thorough testing to function properly.\n\nWhile federal agencies recognize that modernization is necessary in the long term, it's challenging to justify spending resources now when the benefits may not be realized for years.\n## Using AI for code modernization\nAI makes the refactoring process achievable. Developers across all industries are adopting this approach: [GitLab research](https://about.gitlab.com/developer-survey/2024/ai/) found that 34% of organizations already use AI in their software development lifecycle, including for code modernization.\n\nAI tools handle the heavy lifting in refactoring, such as understanding complex legacy code and creating modern code that works the same way. For developers with limited COBOL knowledge, these tools work like translators between old and new programming methods.\n\nAfter modernizing the code, AI can further improve it by identifying security vulnerabilities, recommending optimizations, and automatically running comprehensive testing. For government agencies with stringent security and compliance requirements, this automated hardening of codebases eliminates a major modernization barrier, reducing the modernization timeline from years to months.\n## Building software for tomorrow\nWhile addressing the challenges associated with legacy code is important, forward-thinking government agencies must also adopt modern development practices that avoid creating future technical debt. A [DevSecOps platform](https://about.gitlab.com/platform/) lets developers quickly build software with AI help and security built into every line of code.\n\nWith a comprehensive platform, AI works as both a speed booster and protector. Tools like [AI-powered code suggestions](https://about.gitlab.com/solutions/code-suggestions/) can incorporate federal compliance rules and generate secure, optimized code that meets government standards from day one. Meanwhile, vulnerability scanning finds and fixes potential security issues before deployment. This shift allows developers to focus on high-value work that requires human skills instead of routine coding tasks.\n\nThe collaborative aspects of AI go beyond code creation to improve team collaboration. By summarizing code review comments, identifying potential integration problems, and tracking compliance requirements, AI tools streamline communication between distributed development teams.\n\nIn addition, security becomes an ongoing, integrated process instead of a checkpoint at project completion. [AI-powered vulnerability detection](https://about.gitlab.com/the-source/ai/understand-and-resolve-vulnerabilities-with-ai-powered-gitlab-duo/) doesn't just find risks faster — it explains them in the context of federal security requirements, suggests specific fixes, and learns from each project to improve future development.\n\nThe federal government has made real progress using technology to serve citizens and protect national security. By embracing AI-powered modernization for both legacy systems and new development, agencies can break free from the expensive cycle of managing old technical debt while building more responsive, secure, and adaptable digital infrastructure.",[436,439,442,445],{"header":437,"content":438},"How long does AI-powered code modernization take compared to traditional methods?","AI-powered refactoring tools can modernize legacy government code in months instead of years. Traditional modernization projects often take years to show benefits, while AI tools accelerate the timeline by automatically handling complex code translation and testing processes.",{"header":440,"content":441},"Which government agencies rely most heavily on legacy COBOL systems?","Critical agencies including the Department of Health and Human Services, Social Security Administration, and Centers for Medicare and Medicaid Services depend on COBOL and other legacy systems. These systems handle operations affecting millions of citizens, from benefit payments to healthcare data processing.",{"header":443,"content":444},"What security risks do legacy government systems create?","Legacy systems represent an expanding attack surface with higher chances of major breakdowns each year. These vulnerabilities could stop benefit payments, expose private citizen data, or create processing delays affecting millions of Americans.",{"header":446,"content":447},"How does DevSecOps prevent future technical debt in government development?","AI-native DevSecOps platforms build security and compliance into new code from day one, incorporating federal compliance rules automatically. This approach prevents the accumulation of technical debt by creating secure, optimized code that meets government standards during initial development.","content:en-us:the-source:ai:how-ai-can-fix-governments-legacy-code-problem:index.yml","en-us/the-source/ai/how-ai-can-fix-governments-legacy-code-problem/index.yml","en-us/the-source/ai/how-ai-can-fix-governments-legacy-code-problem/index",{"_path":452,"_dir":415,"_draft":6,"_partial":6,"_locale":7,"slug":453,"type":417,"category":415,"config":454,"seo":456,"content":460,"_id":484,"_type":28,"title":461,"_source":29,"_file":485,"_stem":486,"_extension":32,"description":458,"date":462,"timeToRead":429,"keyTakeaways":463,"articleBody":467,"faq":468,"heroImage":459},"/en-us/the-source/ai/self-hosted-ai-balance-innovation-and-security-in-government","self-hosted-ai-balance-innovation-and-security-in-government",{"layout":9,"template":419,"featured":328,"articleType":420,"author":26,"gatedAsset":455,"isHighlighted":6,"authorName":11},"source-lp-ai-for-air-gapped-environments",{"title":457,"description":458,"ogImage":459},"Self-hosted AI: Balance innovation & security in government","Discover how self-hosted models enable federal agencies to leverage artificial intelligence while maintaining strict security and compliance standards.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1752687563/vda4ouljcsv1z63bvs2p.png",{"title":461,"description":458,"date":462,"timeToRead":429,"keyTakeaways":463,"articleBody":467,"faq":468,"heroImage":459},"Self-hosted AI: Balance innovation and security in government","2025-07-22",[464,465,466],"Self-hosted models allow federal agencies to use artificial intelligence while keeping sensitive data within secure, controlled environments that meet strict compliance requirements.","Government organizations gain better security, cost control, and custom solutions by running AI models on their own infrastructure rather than using cloud-based services.","Military branches like the Army, Air Force, and Defense Information Systems Agency are already deploying self-hosted AI tools for mission-critical operations.","Government agencies face strict rules that prevent them from using cloud technology for software development. This blocks their access to AI's transformative potential because most advanced AI solutions run in the cloud. The risks of sending data outside their networks and losing control over AI environments force them to find a more secure path.\n\nDespite these challenges, ignoring AI entirely isn't realistic. Agencies must integrate AI into software development to support [efficient software modernization](https://about.gitlab.com/the-source/ai/reducing-software-development-complexity-with-ai/). But how can they use AI tools to enhance productivity, improve security, and drive innovation without exposing themselves to the risks associated with cloud-based AI solutions?\n\nSelf-hosted AI models provide a strategic solution. By running and managing large language models (LLMs) and other advanced AI capabilities within their own secure infrastructure, whether in on-premises data centers or private cloud environments, agencies gain the control needed to leverage AI while maintaining strict compliance standards and advancing mission-critical applications.\n\n## Key benefits of a self-hosted AI strategy\n\nAfter working with federal agency tech leaders for many years, I understand that a statement like \"Let's just host it ourselves\" might raise some eyebrows. It's not always straightforward, especially with a technology as new as AI. However, evidence suggests that federal agencies and defense organizations are ready for a different approach.\n\nFor example, [the Pentagon is actively working on a \"fast pass\" approach](https://federalnewsnetwork.com/defense-news/2025/04/pentagon-to-establish-secure-software-assurance-program/) to securing software components, aiming to onboard approved software more quickly by using existing standards such as [Software Bill of Materials (SBOM)](https://about.gitlab.com/the-source/security/guide-to-dynamic-sboms/), the NIST Secure Software Development Framework (SSDF), and other common attestation methods and [risk assessments](https://about.gitlab.com/the-source/security/embedding-risk-intelligence-into-your-software-supply-chain/).\n\nMeanwhile, the House Oversight and Government Reform Committee has been exploring ways to use IT modernization to enhance efficiency. And there's a broad groundswell of interest in finding ways to leverage AI in government.\n\nHere are several examples from the U.S. military:\n\n- The Defense Information Systems Agency is developing a [new data strategy](https://www.linkedin.com/pulse/disa-outlines-blueprint-new-data-strategy-u4jfc/?trackingId=hNpbXWugSH%2BukncYhngytA%3D%3D) that integrates data, analytics, and AI into all aspects of defense operations through a secure, self-hosted platform.\n- The Army is building [two new self-hosted AI tools](https://www.army.mil/article/283601/enhancing_military_operational_effectiveness_through_the_integration_of_camo_and_nipr_gpt), CamoGPT and NIPR GPT, to support predictive maintenance, analysis of adversaries' communications, logistics optimization, and evaluation of different proposed courses of action.\n- The Air Force Research Lab is developing an open-source platform, the [Air and Space Force Cognitive Engine](https://afresearchlab.com/technology/air-and-space-force-cognitive-engine/), a flexible, single IT platform for operationalizing AI within the Air Force.\n\nGovernment organizations see clear advantages when they host LLMs within their own secure infrastructure:\n- **Data sovereignty**: When working with sensitive national security information, the risks of external data processing and limited control over AI environments demand a more secure approach that keeps critical data within protected boundaries. Self-hosted environments ensure that level of security.\n- **Regulatory compliance**: Federal agencies must adhere to complex regulatory frameworks, including the Federal Risk and Authorization Management Program (FedRAMP), International Traffic in Arms Regulation (ITAR), Federal Information Security Modernization Act (FISMA), and agency-specific mandates. Self-hosted environments provide the detailed control necessary to implement specific security controls, audit trails, and governance frameworks that meet these strict requirements.\n- **Better security**: Self-hosted models dramatically reduce potential attack vectors by removing dependencies on external APIs and third-party infrastructure. Agencies maintain complete control over access management, network segmentation, and vulnerability patching within their AI systems.\n- **Custom solutions**: Unlike standard cloud solutions, agencies can choose from a list of supported AI models using specialized datasets tailored to their unique use cases and environments. This enables the development of more effective, purpose-built AI solutions that directly support mission objectives, whether by enhancing intelligence analysis, optimizing resources, or strengthening cybersecurity. This customization also facilitates [integration with legacy systems](https://about.gitlab.com/the-source/security/why-legacy-code-is-a-security-risk-and-how-ai-can-help/), a common challenge in the public sector.\n- **Cost control**: While the initial setup requires an investment in infrastructure and expertise, self-hosted AI models can provide more predictable long-term cost structures compared to variable subscription-based cloud models. This approach offers greater flexibility for large-scale deployments, leveraging existing infrastructure and personnel. Plus, self-hosted AI can offer a secure environment for modernizing legacy systems while maintaining direct oversight of sensitive code.\n\n## Fostering innovation within a trusted framework\n\nRunning AI in a secure, self-hosted environment supports innovation within a foundation of trust and control. Agencies can adopt open-source AI advances while maintaining security, compliance, and performance standards. This flexibility allows government developers and data scientists to build critical applications with security and compliance as foundational principles rather than afterthoughts.\n\nThe examples above clearly demonstrate that the U.S. government — particularly the Department of Defense — is serious about embracing the potential of AI to make their work more effective, efficient, and innovative. This movement is already well underway.\n\nFor federal agencies, integrating self-hosted AI models into software development workflows is essential for managing the complex web of security regulations while fostering innovation. Self-hosting allows AI to reach its full potential throughout the software development lifecycle. This enhances operational effectiveness, strengthens security, and accelerates the creation of more intelligent applications to safeguard national interests in an increasingly complex digital environment.",[469,472,475,478,481],{"header":470,"content":471},"What is self-hosted AI and how does it work for government agencies?","Self-hosted AI involves running large language models and AI capabilities within an agency's own secure infrastructure, either on-premises or in private cloud environments. This approach allows agencies to leverage AI tools while maintaining complete control over sensitive data and meeting strict compliance requirements.",{"header":473,"content":474},"Which military branches are currently using self-hosted AI tools?","The Army is building CamoGPT and NIPR GPT for predictive maintenance and logistics optimization. The Air Force Research Lab is developing the Air and Space Force Cognitive Engine platform. The Defense Information Systems Agency is integrating AI into defense operations via secure, self-hosted platforms.",{"header":476,"content":477},"What compliance standards must government self-hosted AI meet?","Government self-hosted AI must comply with FedRAMP, ITAR, FISMA, and agency-specific mandates. Self-hosted environments provide the detailed control needed for specific security controls, audit trails, and governance frameworks that meet these strict regulatory requirements.",{"header":479,"content":480},"How does self-hosted AI reduce security risks compared to cloud-based solutions?","Self-hosted AI dramatically reduces attack vectors by eliminating dependencies on external APIs and third-party infrastructure. Agencies maintain complete control over access management, network segmentation, and vulnerability patching within their AI systems, keeping sensitive data within protected boundaries.",{"header":482,"content":483},"What are the cost advantages of self-hosted AI for government agencies?","Self-hosted AI provides more predictable long-term cost structures compared to variable subscription-based cloud models. While requiring initial infrastructure investment, this approach offers greater flexibility for large-scale deployments and leverages existing government infrastructure and personnel resources.","content:en-us:the-source:ai:self-hosted-ai-balance-innovation-and-security-in-government:index.yml","en-us/the-source/ai/self-hosted-ai-balance-innovation-and-security-in-government/index.yml","en-us/the-source/ai/self-hosted-ai-balance-innovation-and-security-in-government/index",[413,451],{"ai":354,"platform":361,"security":96},1753981668009]