The department has installed a chief AI officer as required, but it hasn’t updated agency policies.

The department has installed a chief AI officer as required, but it hasn’t updated agency policies. Douglas Rissing/Getty Images

Featured eBooks
Sponsor Content
Remaking Government: How Trump Plans to Reshape the Federal Workforce
Health Tech
Sponsor Content
Golden Dome Insights & Updates
Insights & Reports
5G Powers Mission-Ready Connectivity: Powering secure, real-time coordination for federal agencies
Presented By T-Mobile
Download Now
It’s not the injury, it’s the illness
Presented By GEBA
Download Now
Tech

USDA is using AI, but doesn’t have the required controls to manage risks, watchdog finds

The Agriculture inspector general noted the agency has prioritized making use of the technology over setting up controls.

Natalie Alms

|
Natalie Alms
Natalie Alms
Senior Correspondent, Nextgov/FCW

The Agriculture Department is using artificial intelligence to identify risks in the supply chain, estimate yearly corn and soybean yields and make recommendations during the permitting process.

But the department doesn’t have all of the required cybersecurity and governance controls to keep that technology in check, according to an inspector general report released last week, which found that Agriculture doesn’t even have a generative AI policy at all. 

The department hasn’t fully implemented cyber and risk controls in its AI systems, as required by federal standards, because it has prioritized using AI over setting up controls for the technology. The Trump administration has sought to aggressively roll out AI across the government, in addition to efforts to dominate with the technology on the world stage. 

At USDA, AI systems “could be vulnerable and lack critical security controls, leaving the agency susceptible to data breaches or reputational harm” because of the lack of strong governance around the technology, the new report says. 

Agriculture hasn’t followed all the risk management and governance controls set in place by the Office of Management and Budget during the Biden administration and modified by the Trump administration. The department has installed a chief AI officer as required, but it hasn’t updated agency policies — or implemented minimum risk management practices for AI systems deemed especially risky, like those that affect civil rights or critical infrastructure.

Almost none of the AI use cases in the department’s fiscal year 2024 inventory had an authority to operate, a formal approval issued for technology systems meant to make sure that the government thinks through the risks associated with different technologies before using them. 

That means that management doesn’t have assurance that the department has cybersecurity controls in place, the report says. 

The inventory itself may also be insufficient to account for all potential dangers, as the OIG said the department is at risk of shadow AI — technology used by employees that management isn’t aware of or hasn’t approved — creeping across the department, since it relies only on an annual data call for employees to self-report AI that they use. 

The watchdog included several recommendations for the department to implement controls and update policies, all of which Agriculture agreed with.

If you have a tip you'd like to share, Natalie Alms can be securely contacted at nalms.41.

NEXT STORY: 'Your 30 days has become 30 hours’: AI is reshaping federal cyber defense