The DIB has a compliance problem it has not fully named yet.

The Cybersecurity Maturity Model Certification (CMMC) reached final rule status in late 2025. After years of delays, false starts, and contractor frustration, the framework is now the law of the contract. Level 2 requires 110 security practices derived from NIST SP 800-171. Level 3 draws from NIST SP 800-172. The structure is established. The third-party assessment process is running. Contractors who have not started are already behind.

What CMMC does not yet cover is AI. That gap is being closed from two directions at the same time and the timelines are tighter than most of the DIB realizes.

Section 1513 of the FY2026 NDAA directs the Department of War to develop a risk-based cybersecurity framework for AI and machine learning systems and to incorporate that framework into both Defense Federal Acquisition Regulation Supplement (DFARS) and CMMC. The legislation defines coverage broadly. Source code. Model weights. Training data. Algorithms. The software used to evaluate whether the AI is trustworthy. Any contractor that develops, deploys, stores, or hosts any of that for the Department of War is a covered entity. The framework will apply as an extension of existing DoW cybersecurity requirements. CMMC is named directly. The groundwork contractors are laying for Level 2 today is the foundation the AI framework will sit on.

The second direction is executive. On June 5, 2026, the White House issued National Security Presidential Memorandum 11, directing the national security enterprise to accelerate AI adoption across intelligence and warfighting domains. NSPM-11 is built around four pillars: adoption, adaptation, assurance, and accountability. The assurance pillar is where the security requirements sit, and they are specific. The memorandum directs that no commercial entity or adversary shall possess the capability to prevent the use of, disable, degrade, or materially modify, without Federal Government knowledge and approval, any AI system that national security personnel depend on for their missions. It call for rigorous testing, evaluation, validation, and verification to assure the confidentiality, integrity, reliability, availability, and interoperability of AI systems across the national security enterprise.

NSPM-11 also addresses the supply chain directly. Within 120 days of issuance, the Department of War, the Department of Energy, the Director of National Intelligence, and the National Security Agency Director are directed to develop partnerships with private-sector companies to help secure cutting-edge AI technologies, including from malicious distillation attacks. Distillation is a specific and under appreciated threat vector that occurs when an adversary extracts a model’s behavior and knowledge by querying it repeatedly, then replicating that capability in a version they control. The fact that NSPM-11 names it explicitly signals that this is a real threat, not a theoretical one.

Taken together, NSPM-11 and Section 1513 represent the clearest statement yet from the federal government that AI security is no longer a subset of general cybersecurity. It is a distinct discipline with distinct threat vectors, and the national security enterprise is now being directed to treat it that way.

What Section 1513 mandates for contractors is not a compliance checkbox. It is a reckoning with how AI tools are actually being used inside organizations that handle Controlled Unclassified Information (CUI).

The threat picture behind those requirements is specific. The FY2026 NDAA identifies the attack surface for AI systems explicitly: model tampering, data poisoning, adversarial prompt injection, model extraction, jailbreaks, supply chain compromise, insider threat, and unauthorized access to model weights. NSPM-11 adds model distillation attacks to that list. The NDAA’s framing makes clear that AI is no longer treated as software with a different interface. It is a class of systems with distinct failure modes that require distinct defenses.

The supply chain provision in Section 1512 also deserves attention. Congress referenced software bills of materials (SBOM) in a way that signals where regulatory direction is heading. DoW policies on SBOMs should apply, where feasible, to AI systems used, developed, or acquired by the Department. What that means in practice is that contractors may soon need to document not just what AI tools they are using, but what those tools are made of. Where the weights came from. What data trained the model. Whether any component of the AI system has a provenance that creates risk.

That requirement will be difficult to meet for organizations that have already deployed open-weight models without that audit trail. The most common finding third-party assessors already report is undocumented AI tool usage, where employees use AI services for tasks that touch CUI without the organization’s knowledge or policy coverage. The assessor does not distinguish between intentional adoption and shadow use. The exposure is the same.

The consequences for critical infrastructure extend beyond individual contractor compliance.

The DIB is the production system behind national security. The companies that manufacture components, process logistics, run maintenance operations, and support weapons programs are not just businesses with compliance obligations. They are nodes in a supply chain that an adversary would target in any serious conflict scenario. Pre-conflict disruption strategy does not require direct attacks on government systems. It requires access to the networks of the contractors, suppliers, and service providers that feed those systems.

AI tools embedded in those contractor environments without security controls are not isolated risks. They are potential access points. A compromised model in a development environment can expose training data, code, and the logic of the systems being built. A model with data poisoning baked into its weights from a compromised supply chain can degrade output in ways that are difficult to detect and may not surface until the system is under operational stress. NSPM-11’s concern about an adversary being able to disable or degrade an AI system at a critical moment is the operational expression of exactly this risk.

The broader critical infrastructure picture compounds this. The sectors designated under Presidential Policy Directive 21 — energy, water, transportation, financial services, healthcare, and defense production — have been progressively absorbing AI tooling. Many of those operators are not DIB contractors. They do not face CMMC. But they face the same supply chain risks, the same open-weight model cost pressures, and the same absence of a security framework built for AI-specific threats. CMMC and NSPM-11 together provide a template. The sectors without an equivalent are operating without a floor.

The timeline is tighter than it appears. The Department of War must report to Congress on Section 1513 implementation by June 16, 2026. The assessment framework is due by June 2027. NSPM-11 sets 90 and 120-day deadlines for updated policies, procurement processes, and a joint AI risk management strategy across the national security enterprise. CMMC took years to build after its first NDAA provision in 2020. The AI framework is being layered on top of an existing structure with hard deadlines attached. Organizations that start from zero when the framework arrives will be in the same position contractors found themselves in during the original CMMC rollout: behind on requirements that were visible well in advance.

What organizations in the DIB need to do right now requires discipline and visibility, not new technology. Map every AI tool in production and in development. Determine which tools interact with CUI. Document that interaction in the System Security Plan. Establish a policy on AI tool usage and enforce it. Audit for undocumented use. Assess the provenance of any open-weight models in the environment, particularly those from non-allied nations. Begin building the audit trail that a SBOM requirement for AI systems would demand.

NSPM-11 is less than a week old. Section 1513’s status report to Congress is due this week. The regulatory environment around AI security in the DIB is moving faster than most contractors are tracking.

The window to get ahead of it is narrowing.

 AI helped me write this. Not before I read the sources, but after. I read the content, formed a view, and identified what mattered. The writing assistance came last and I edited the AI generated content. 

I have a full-time job and this is not a content generation operation, so I use AI as a tool to help me post.