AI Creates CMMC Compliance Risks. What Can You Do About It?

Written by Sian Parany | Apr 29, 2026 6:34:54 AM

Artificial intelligence (AI) tools and features introduce compliance risks that CMMC was not designed to address. Defense contractors using AI for drafting, analysis, or workflow automation may be exposing Controlled Unclassified Information (CUI), expanding their assessment scope, and inadvertently undermining access controls required by CMMC.

Why AI and CMMC Are in Tension

CMMC Level 2 requires contractors to demonstrate 110 security controls, as defined in NIST SP 800-171 Rev 2, before they can hold CUI or bid on covered contracts. None of those requirements explicitly anticipate AI.

AI is used in contractor environments as purpose-built tools procured by the organization, AI features embedded in or integrated with SaaS platforms already in use, and consumer tools employees adopt without IT involvement. Each creates a different exposure risk, and not all of them are visible to compliance teams.

These tools operate through APIs that often sit outside the contractor's defined system boundary. They process data in ways that are difficult to document and harder to audit. That combination creates compliance exposure risk.

Risk 1: CUI Leaving the System Boundary

CUI leaves the system boundary in more ways than most contractors expect. An employee pastes a contract clause into a commercial AI tool. A SaaS platform activates an AI feature that analyzes data across the environment. An automated workflow passes CUI to a connected service without human oversight.

In each case the data has left the assessed environment without authorization. NIST SP 800-171 Rev 2 requires CUI flow to be controlled in accordance with approved authorizations (3.1.3) and connections to external systems to be verified and controlled (3.1.20). CMMC also requires contractors to employ FIPS-validated cryptography when protecting CUI (3.13.10). If a contractor is relying on a commercial AI tool or SaaS platform to handle that protection, they need to verify the vendor meets that standard. 

Risk 2: Unintended Scope Expansion

Every system that stores, processes, or transmits CUI falls within the CMMC assessment scope. AI tools that touch CUI bring the infrastructure behind them into scope as well.

Consider a cloud-hosted inventory optimization tool that ingests data from an ERP containing inventory and part data, a service management tool that uses customer-submitted support cases to drive AI responses, or a drafting tool that processes proposal content with technical specifications. Each represents potential scope expansion with real assessment consequences. Contractors who adopt AI tools without mapping their data flows may find their scope is significantly larger than expected.

Risk 3: Access Control Failures

CMMC requires contractors to limit system access to authorized users and restrict the functions those users can execute (3.1.1, 3.1.2). AI tools frequently work against both requirements.

Shared accounts eliminate user-level controls. Broad file permissions collapse least privilege. AI-generated outputs shared without review can propagate sensitive information to systems and users that should not have access. These are common failure modes because AI tools are built for convenience, and convenience often undermines access discipline.

Risk 4: Configuration Management Gaps

CMMC requires contractors to establish and maintain baseline configurations for their systems (3.4.1, 3.4.2). AI tools create configuration management problems that are hard to resolve cleanly.

When a vendor updates an AI model, the contractor's system behavior changes without a formal change control process. When prompt configurations are modified informally, there is no audit trail. When AI-generated code enters production without standard review, it bypasses the same controls applied to everything else in scope.

Risk 5: Incident Response Blind Spots

CMMC requires contractors to track, document, report, and address incidents (3.6.1, 3.6.2). AI tools introduce scenarios that standard playbooks rarely cover.

If a commercial AI tool inadvertently exposes CUI, the contractor needs to determine what was exposed, when, and through what mechanism. With traditional systems, that investigation has defined starting points. With third-party AI systems, visibility into how inputs are handled, what logs exist, and how long data is retained is often limited or absent.

Risk 6: Supply Chain Exposure

CMMC obligations do not stop at your own systems. If you share AI-generated outputs with a prime contractor or receive AI-processed data from a subcontractor, you may be passing CUI through systems that have never been assessed. These systems could be hosted in non-compliant environments, with data transiting international boundaries where foreign nationals (and governments) have access. Standard supplier reviews rarely account for how AI tools are handling data on the other side. That gap is a compliance risk for everyone in the chain.

What Can Contractors Do to Reduce the AI Risk to CMMC Compliance?

So what can you do as a defense contractor? The answer starts with knowing what AI is in use and whether it touches CUI. The next step is to work through technical controls that keep regulated data out of AI systems, govern how it moves between them, and produce the evidence an assessor needs. 

Document AI in Use

Start with an inventory. Map every AI tool in use across the organization, including tools adopted informally at the employee level, AI features built into (or on the roadmap for) existing SaaS platforms, and third-party integrations. For each one, determine whether it could come into contact with CUI.

Do a Boundary Analysis

Assess whether any AI tools in use require inclusion in the CUI system boundary. Any tool that stores, processes, or transmits CUI is in scope. That includes AI features embedded in SaaS platforms your organization already uses, not just standalone AI tools procured separately.

If a tool is in scope, it needs to meet the same 110 security requirements as any other in-scope component. That means access controls, configuration management, incident response, and FIPS-validated cryptography, among others. If a tool cannot meet those requirements, its use in CUI workflows needs to be restricted or controlled.

Establish a Policy 

Write a policy that covers authorization requirements, data handling rules, and the prohibition on processing CUI with unauthorized tools. Train employees on it and make compliance measurable. Call out AI explicitly in the policy so that the boundaries are clear. These steps will act as a guide as you work towards securing CUI across systems.

Protect CUI Before It Reaches AI Systems

The most durable defense is limiting how much CUI any AI system ever touches. This is where StratoKey's Cloud Data Protection Platform can help by tokenizing or encrypting CUI before it is transmitted to a SaaS platform or AI tool. This automatically ensures that any connected system receives only ciphertext or tokens. What is exposed has no intrinsic value. Tokenization can also directly support scope reduction.

Secure API Payloads and Govern Agent Traffic

AI agents, automated workflows, and connected services generate machine-to-machine traffic that can carry CUI across system boundaries. StratoKey's API Gateway can sit in the path of that traffic, authenticate and authorize access, tokenize or encrypt payloads in transit, and block or re-route calls carrying regulated data to unauthorized AI services. It provides a single point of controlled access and maintains audit logs of machine interactions crossing a system boundary.

Apply Granular Access Controls

AI can operate with elevated privileges across systems holding regulated data. Least-privilege controls need to apply to every user, AI agent, and automated workflow. That means restricting access by user, group, or system, and controlling which AI tools and agents can reach systems where CUI is held. The StratoKey CDP Platform has granular access controls to do just that. 

Enforce Consistent Policy and Maintain Audit Logs

CMMC requires evidence, not just controls. Enforce consistent data handling policies across AI tools, APIs, and agent workflows, and maintain audit logs that support assessment and regulatory record keeping. Visibility into how data moves across your AI environment is what turns a compliance posture into a defensible one.

Reducing CMMC Scope with Tokenization

Contractors who use tokenization as part of their CUI protection strategy have a structural advantage when AI tools are involved. Tokenization replaces sensitive data values with non-sensitive substitutes before that data reaches downstream systems, including AI tools. The AI processes tokens rather than real CUI. If that data leaves the system boundary, what is exposed is a token with no intrinsic value.

This approach reduces the compliance risk of AI-assisted workflows without requiring contractors to prohibit AI use entirely. It also supports scope reduction and the storage of CUI within your own FedRAMP®-authorized or on-premises environment.
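
The tokenization flow described above, as an added example that is not from the original post and is not StratoKey's code: values under CUI-bearing fields are swapped for random tokens before a record leaves the boundary, and tokens in the AI reply are mapped back inside it. The `TokenVault` class, the `tok_` token format, the field names and the sample record are assumptions made for illustration.

```python
import re
import secrets

TOKEN_RE = re.compile(r"tok_[0-9a-f]{16}")

class TokenVault:
    """Token <-> value map that stays inside the assessed boundary."""

    def __init__(self):
        self._by_token = {}
        self._by_value = {}

    def tokenize(self, value):
        # Same value -> same token, so repeated values still correlate downstream.
        key = repr(value)
        if key not in self._by_value:
            token = "tok_" + secrets.token_hex(8)  # random, not derived from the value
            self._by_value[key] = token
            self._by_token[token] = value
        return self._by_value[key]

    def detokenize_text(self, text):
        # Tokens the vault never issued (e.g. invented by a model) are left as-is.
        return TOKEN_RE.sub(
            lambda m: str(self._by_token.get(m.group(0), m.group(0))), text)

def protect(obj, cui_fields, vault):
    """Return a copy of obj with every value under a CUI field name tokenized."""
    if isinstance(obj, dict):
        return {k: vault.tokenize(v) if k in cui_fields
                else protect(v, cui_fields, vault) for k, v in obj.items()}
    if isinstance(obj, list):
        return [protect(v, cui_fields, vault) for v in obj]
    return obj

# Constructed sample record; the field names are assumptions.
CUI_FIELDS = {"part_number", "drawing_ref"}
RECORD = {"ticket": 4121, "summary": "Reorder request", "lines": [
    {"part_number": "PN-77-ALPHA", "qty": 40, "drawing_ref": "DWG-0093"},
    {"part_number": "PN-77-ALPHA", "qty": 5, "drawing_ref": "DWG-0107"}]}

def demo():
    vault = TokenVault()
    outbound = protect(RECORD, CUI_FIELDS, vault)  # what leaves the boundary
    pn_token = outbound["lines"][0]["part_number"]
    # Simulated AI reply that refers to the part only by its token.
    reply = f"Combine both lines for {pn_token} into one order of 45."
    return outbound, vault.detokenize_text(reply)
```

Field-level tokenization only covers values under the listed field names; CUI embedded in a free-text field such as `summary` would pass through unchanged and needs separate handling.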

De-Risk AI Use, Implement AI Security Controls 

AI tools create real CMMC compliance risks. Most are addressable, but only if contractors treat AI the same way they treat any other system component that touches CUI. Informal adoption, undocumented data flows, and absent policies are the conditions under which assessment findings occur. The contractors who avoid those findings are the ones who address them early and directly with controls.

StratoKey's Cloud Data Protection Platform has been providing organizations with the controls to help them meet CMMC compliance requirements. The CDP Platform is application agnostic and can help secure NetSuite, Plex, Jira, Confluence, ServiceNow, Salesforce and more.