We find ourselves at the intersection of historic geopolitical tensions and the development of a seminal technology that was once only thought to be a matter for science fiction. As the report “How is the global surge in defence and dual-use AI investment reshaping the AI race?” (Report) articulates, the promise and rapid development of Artificial Intelligence (AI) is reshaping the relationships between commercial and defense industries, as we enter a new paradigm of national security.
AI, in the context of national security, requires a holistic review of the government procurement lifecycle, from acquisition to deployment, addressing everything from rights and liabilities for contractors to the rules and norms for armed conflict. The trends outlined in the report, particularly the convergence of commercial innovation and national security priorities, represent a significant market opportunity. But it also represents a legal and regulatory environment that is untested and fraught with peril for the unfamiliar. The compliance infrastructure built up over decades around traditional defense primes — export controls, procurement integrity, cost accounting, organizational conflicts of interest, cybersecurity certifications — applies in full to the new entrants, and the enforcement apparatus is both well-funded and increasingly focused on this sector—a risk that is aggravated by the whipsaw pattern in policy seen out of Washington D.C.
The first question any commercial AI company entering the defense market must answer is: what is my product, legally?
AI systems that perform commercial functions in one deployment can, with minimal modification, become International Traffic in Arms Regulations-controlled (ITAR) defense articles in another. Model weights, training data, fine-tuning procedures, and inference infrastructure each raise separate classification questions under the Export Administration Regulations (EAR) and ITAR. A commodity jurisdiction determination that seems academic at the product-design stage becomes existential when a foreign national engineer accesses source code, when a model is fine-tuned on defense customer data, or when an investor in a Series C round traces back to a country of concern.
The Department of Justice’s Civil Cyber-Fraud Initiative has produced a steady flow of settlements against defense contractors whose cybersecurity representations did not match their actual controls. Commercial AI companies accustomed to SOC 2 as their ceiling of cybersecurity compliance will find the requirements for CMMC 2.0 Level 3 are materially more demanding and materially more consequential when representations prove inaccurate.
False Claims Act (FCA) exposure in the AI context extends well beyond cybersecurity. Performance representations about model capability, accuracy, bias mitigation, hallucination rates, and human-in-the-loop controls are all potential predicates for a qui tam action. The technical difficulty of verifying AI performance claims cuts the other way in litigation, where former company insiders, turned qui tam relators, can more easily raise factual disputes about what the government was promised versus what it received.
If the Department of Justice’s Civil Cyber-Fraud Initiative defined the first wave of technology-focused FCA enforcement, supply chain security is shaping up to define the second. The same sovereignty and decoupling pressures that are reshaping the commercial AI market have driven a parallel expansion of federal supply chain requirements — and with that expansion, a growing set of representations and certifications that can form the predicate for FCA liability.
This challenge is more acute for AI products than for traditional defense articles. A fighter aircraft has a bill of materials that, while complex, is bounded and physical. An AI system’s supply chain includes training data (often scraped, licensed, or synthesized from sources whose provenance is imperfectly documented), pre-trained foundation models (increasingly sourced from third parties under licenses that disclaim warranties), open-source software dependencies (which themselves have transitive dependencies numbering in the thousands), compute infrastructure (which may route through foreign-owned data centers), and fine-tuning data (which may incorporate customer inputs with unclear provenance). A contractor representing compliance with Section 889 or with DFARS 252.204-7012 cybersecurity requirements is effectively representing something about each of these layers. The gap between what contractors can realistically verify and what they are certifying is one of the most underappreciated points of FCA exposure in this developing market.
In pursuit of delivering innovative solutions to the Warfighter at the speed of relevance, the boundaries between military officials and defense contractors are narrowing. Between the pattern of high-profile technology executives taking commissions in military reserve units and military-led innovation cells being established at the tactical edge, the traditional compliance playbook is
likely outdated. This model of close integration with defense customers will bring heightened scrutiny from Inspectors General, Congress, and competitors’ claims of foul play.
While organizational conflict of interest rules, post-employment restrictions, and procurement integrity laws all apply, their application to dual-affiliation arrangements or collaborative innovation procurement authorities raises genuinely unsettled questions of law. Internal controls on information walls, recusal protocols, employment screenings, and gifts and gratuities compliance require meaningful design work that is operational in the new environment.
The potential legal risks for AI companies weighing into the defense sector are not limited to internal controls or stop at the procurement action. Once products or solutions are delivered into the hands of the defense customer, liability may arise from how those systems perform or are ultimately leveraged.
The Boyle v. United Technologies1 government contractor defense provides meaningful protection for contractors producing equipment to government specifications, but its application to AI systems is likely to generate significant litigation. The defense depends on the government approving reasonably precise specifications, the equipment conforming to those specifications, and the contractor warning of dangers known to it but not to the government. Each of these elements is harder to satisfy for AI systems, where specifications tend to be functional rather than technical, where conformance is probabilistic rather than binary, and where the contractor typically understands failure modes better than the government customer.
Claims from the defense customer are not the only potential liability faced by AI-system defense contractors. A recent split decision in the Fourth Circuit, Al Shimari v. CACI Premier Technology2, opened avenues of conspiracy liability for defense contractors based on the actions of their defense customers under the Alien Tort Statute. Under this theory of liability, one can imagine how the ATS may be applied in the context of AI-driven targeting solutions or autonomous weapons platforms—particularly if “good enough” is the domestic standard for AI models.
The current Administration is accelerating U.S. policy effecting many of the trends outlined in the Article. While there seems to be a consensus around some of the underlying principles furthered by these policies, how those principles are being actioned is the subject of much disagreement in Washington.
1 487 U.S. 500 (1988).
2 No. 25-1043 (4th Cir. 2026).
Broad policy changes often bring about a reallocation of resources, and the government typically contracts with the power to adjust to this reality. In almost every procurement action, the government reserves the right to terminate the contract for convenience. While contractors are entitled to payment for costs incurred and reasonable profit when the government exercises this right, the time to settlement is becoming lengthy and, in some instances, agencies are scrutinizing every aspect of a settlement offer to minimize their payout. Moreover, companies reliant on the steady funding of long-term government contracts will find themselves in a pinch with investors when a significant amount of next year’s projected revenue is, without warning, cut-off.
The changes to the geopolitical landscape and the advances in AI are developing at a rapid pace, accelerating the trends discussed in the report. The fear of missing out can lead many organizations entering the dual-use domain to get caught up in the haste. There is certainly great opportunity for companies that successfully navigate this changing environment, but there is also tremendous risk with haphazard pursuit of such a consequential technology. In these times, the sage advice of operators is warranted, “slow is smooth, and smooth is fast.”