Federal agencies are rushing into AI without cleaning house first

A maintenance worker pushes a cleaning cart through the rotunda of the U.S. Capitol on September 30, 2025 in Washington, D.C. Kent Nishimura/Getty Images

COMMENTARY | The agencies that prepare their digital house first will get the productivity gains.

In 2024, while serving as Chief of Digital Resource Management at the Department of Veterans Affairs' Veterans Benefits Administration, I delivered a brief in a Microsoft Federal series on preparing Microsoft 365 for AI-driven knowledge management. I knew Microsoft 365 Copilot was about to land in federal tenants, and I wanted government leaders to understand that the readiness conversation had to begin with security and knowledge management, not productivity features.

Two years later, my concerns have only deepened. Federal agencies and their contractor partners are racing to deploy Copilot and similar generative AI assistants while sitting on years of accumulated governance debt. The result is a predictable security and quality crisis hiding in plain sight.

After leaving the VA for the contracting side, I saw the same patterns repeat. Knowledge management was an afterthought. Tenant governance was inconsistent or nonexistent. On one engagement, I found Officer Record Briefs and Enlisted Record Briefs, sensitive military personnel files containing personally identifiable information, sitting in SharePoint sites accessible to people who had no business viewing them. In the next breath, the same organization's strategic communications office announced that Copilot was coming. The contract had eliminated its dedicated knowledge management function the year before.

This is the gap that should worry every federal manager. Microsoft has been clear about how Copilot works: it surfaces information that users already have permission to access. It does not introduce new access paths. It simply makes existing permission failures faster, more searchable and far more visible. Microsoft's own deployment guidance now opens with a phased blueprint specifically aimed at oversharing remediation, and Gartner has projected that by 2027, 60% of organizations will fail to realize the value of their AI investments because of incohesive data frameworks.

In the federal context, the stakes are higher. Copilot is not summarizing marketing decks. It is summarizing personnel files, acquisition strategies, contractor evaluations and operational records. When permissions are sloppy, an analyst can ask a plain-English question and surface content that would never have left a controlled folder under traditional search. I tested these dynamics in my own private Microsoft tenant, building sandbox environments to probe how Copilot Studio agents respond to prompt manipulation when guardrails are weak. The lesson was sobering. The model behaves exactly as designed. The exposure is on us.

Three things have to be in place before any agency or contractor turns Copilot on.

First, knowledge management must be treated as core infrastructure, not a discretionary cost line. AI assistants only perform as well as the content they ingest. That requires documented processes, clear content ownership and someone accountable when a SharePoint site goes ownerless. Cutting the KM function to save money before deploying AI is the federal equivalent of removing the foundation before adding a second floor. Customer experience teams will feel the impact first, because they are the ones answering for wrong or stale answers.

Second, data governance has to be customized, not adopted out of the box. Microsoft Purview provides sensitivity labels, data loss prevention policies and oversharing assessments, but the default settings will not protect a federal tenant. Agencies need a label taxonomy that reflects their classification and handling requirements, auto-labeling policies that cover the bulk of existing content and DLP rules tied to the Copilot location so sensitive material is not summarized into broadly accessible chats.

Third, permissions must have ownership at the site level. Across agency tenants, I routinely find SharePoint permission groups stuffed with people who have left the organization or whose roles no one can identify. Inherited permissions are broken in unpredictable ways, and "everyone except external users" is treated as a default rather than a deliberate choice. A site without a named owner is a site that will eventually be queried by Copilot with no one accountable for what surfaces. Duplicate lists and stale documents compound the problem. When a Copilot response is wrong, leaders often assume the model hallucinated. More often, it pulled from a duplicated list or an outdated record that no one knew existed.
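The three site-level conditions described above (ownerless sites, broad "Everyone except external users" grants, and groups still holding departed accounts, plus broken inheritance) can be triaged from a flattened permissions export. The script below is an added example, not code from the author or from Microsoft; the CSV columns, the sample rows and the active-account list are all constructed for illustration, so the reader maps them onto whatever report their own tenant produces.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a flattened site-permissions export. The column
# names are an assumption for this example, not a real admin-center schema.
SAMPLE_EXPORT = """\
site_url,site_owner,group,principal,principal_type,inherits
https://contoso.sharepoint.com/sites/hr,alice@contoso.gov,HR Members,bob@contoso.gov,user,true
https://contoso.sharepoint.com/sites/hr,alice@contoso.gov,HR Visitors,Everyone except external users,claim,true
https://contoso.sharepoint.com/sites/records,,Records Members,carol@contoso.gov,user,false
https://contoso.sharepoint.com/sites/records,,Records Members,dave@contoso.gov,user,false
https://contoso.sharepoint.com/sites/ops,erin@contoso.gov,Ops Owners,frank@contoso.gov,user,true
"""

# Constructed directory snapshot: accounts that are still active in the tenant.
ACTIVE_ACCOUNTS = {"alice@contoso.gov", "bob@contoso.gov",
                   "carol@contoso.gov", "erin@contoso.gov"}

# Tenant-wide claims that grant access far beyond a deliberate audience.
BROAD_CLAIMS = {"Everyone except external users", "Everyone"}


def audit_permissions(export_csv, active_accounts):
    """Return {site_url: [finding, ...]} for the conditions the article names."""
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_csv)):
        site = row["site_url"]
        if not row["site_owner"] and "no named site owner" not in findings[site]:
            findings[site].append("no named site owner")  # nobody accountable
        if row["principal_type"] == "claim" and row["principal"] in BROAD_CLAIMS:
            findings[site].append(
                f"broad grant '{row['principal']}' via group '{row['group']}'")
        if row["principal_type"] == "user" and row["principal"] not in active_accounts:
            findings[site].append(
                f"stale member {row['principal']} in group '{row['group']}'")
        if row["inherits"].lower() == "false" and \
                "broken permission inheritance" not in findings[site]:
            findings[site].append("broken permission inheritance")
    return dict(findings)


if __name__ == "__main__":
    for site, issues in audit_permissions(SAMPLE_EXPORT, ACTIVE_ACCOUNTS).items():
        print(site)
        for issue in issues:
            print("  -", issue)
```

Sites with no findings are simply absent from the result, so an empty dictionary means the export showed none of the four conditions.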

Underneath all of this is enforcement. Government agencies talk about standard operating procedures constantly, but the SOPs that matter for AI readiness, including naming conventions, retention policies, templates and roles and responsibilities, are rarely audited and even more rarely enforced.

Knowledge management is one of the most consistent oversights in federal operations. In the AI era, that oversight will produce real harm: leaked PII, bad decisions made from stale data and lost public trust in agencies that promised modernization. The agencies that prepare their digital house first will get the productivity gains. The ones that do not will spend years cleaning up what Copilot exposed.

Dr. Tori Reddy Dodla is the founder of Dodla Digital, a federal IT services firm focused on SharePoint, knowledge management and Microsoft 365 governance. She previously served as Chief of Digital Resource Management at the Department of Veterans Affairs' Veterans Benefits Administration.