Blog · Analysis · May 2026

The State Rents Its Mind

Public-sector AI procurement is where public authority can quietly become model dependence. The chatbot is the visible layer; the contract is the constitutional layer.

Adoption Becomes Infrastructure

The public conversation about government AI usually starts at the service window. Will the chatbot answer correctly? Will an automated system deny benefits? Will a risk score bias enforcement? Those questions matter, but they arrive late. By the time a citizen meets the interface, an older decision has already shaped the state: the agency has bought, licensed, integrated, or piloted a model system.

Procurement is where AI becomes government. It is where a model's terms of use, data rights, audit rights, pricing, security posture, model-update schedule, hosting arrangement, and exit path become part of public administration. The state does not merely use a tool. It rents a slice of someone else's cognitive infrastructure and attaches it to public authority.

The scale is no longer hypothetical. GAO reported in July 2025 that across 11 selected agencies with AI inventories, reported AI use cases nearly doubled from 571 in 2023 to 1,110 in 2024, while generative AI use cases rose from 32 to 282. That does not mean every use case is dangerous. Many are routine: drafting, document search, translation, service support, data analysis, cybersecurity assistance, and internal workflow. But routine tools can still become institutional defaults.

The risk is not only a bad algorithmic decision. It is administrative habituation: the public agency learns to think, search, summarize, classify, and communicate through rented systems whose deeper incentives are not public.

The Procurement Layer

The United States has already started writing procurement into AI governance. OMB Memorandum M-25-21, issued April 3, 2025, replaced the earlier M-24-10 framework and directed agencies to accelerate AI adoption while maintaining safeguards for privacy, civil rights, civil liberties, and public trust. It continued requirements around Chief AI Officers, AI strategies, inventories, governance, and minimum risk-management practices for high-impact AI.

OMB Memorandum M-25-22, issued the same day, addressed acquisition more directly. Its themes are revealing: a competitive AI marketplace, taxpayer-dollar protection through performance tracking and risk management, and cross-functional engagement in procurement. It explicitly warns agencies to pay attention to vendor sourcing, data portability, and long-term interoperability to avoid costly dependence on a single vendor.

GAO's 2026 review of federal AI acquisitions shows why that warning is practical rather than abstract. Agencies told GAO that traditional acquisition timelines can be poorly aligned with fast-moving AI markets. Officials also identified requirements definition and contract terms as persistent challenges. In one FEMA example, officials said that using an existing contract was faster but limited the AI terms they could include, including a post-award testing requirement.

This is the governance hinge. Speed helps agencies experiment. Speed can also lock weak terms into consequential systems. A pilot that lacks audit rights, data rights, testing duties, model-change notice, or exit provisions may look cheap at the beginning and become expensive when the agency cannot govern the system it now relies on.

What the Vendor Gets

AI vendors do not only sell software. They can receive workflow knowledge, domain data, user feedback, institutional credibility, public-sector distribution, and a path into future contracts. A vendor that becomes familiar to an agency can shape what the agency later believes is easy, normal, measurable, or modern.

That is not necessarily corrupt. Governments need vendors. Public agencies cannot build every model, data pipeline, security system, user interface, and evaluation suite themselves. The issue is whether the agency keeps enough public capacity to remain a buyer with judgment rather than a dependent customer with legal authority.

GSA's current "Buy AI" page makes the acceleration visible. As of May 2026, it lists federal access routes for USAi, Anthropic, Google, OpenAI, Perplexity, xAI, customer-service automation, cloud AI services, emerging-technology contracts, and OneGov IT agreements. Its procurement guidance tells agencies to start with mission needs, scope and test solutions, and use pilots or sandboxes before large purchases. That is sound advice. It also shows the shape of the new marketplace: public administration is becoming an AI sales channel.

The OneGov model deepens the tradeoff. GSA's September 2025 announcement with Meta described a streamlined approach that would make Llama models more accessible across federal departments and reduce repeated agency-by-agency negotiations. Standardization can save time and improve bargaining power. It can also make one central deal define the practical AI environment for many agencies at once.

Centralized buying is not automatically capture. But centralized buying raises the stakes of contract design. If the deal is good, public capacity scales. If the deal is weak, dependency scales.

Public Records, Private Models

Government AI is different from workplace AI because public agencies carry coercive and service obligations. They grant benefits, collect taxes, enforce rules, inspect facilities, manage records, answer the public, allocate resources, and decide who receives attention first. Even "internal productivity" tools can alter how public servants see the record.

That makes data rights central. M-25-21 advises agencies to retain sufficient rights to government data and improvements to that data, including cleaning and labeling, and to prevent vendor lock-in. It also says contract terms should protect federal information from unauthorized disclosure or use and from being used to train or improve a vendor's commercial offerings without agency permission.

Those clauses are not paperwork. They are public memory protections. A records-search assistant trained or tuned around agency documents may reshape how a public archive is navigated. A benefits-support tool may learn from casework patterns. A public-contact chatbot may accumulate a map of citizen confusion. A procurement assistant may learn the practical grammar of government buying. If the public does not retain rights, logs, explanations, and exit paths, administrative memory can migrate into private infrastructure.

The public also needs records of the AI layer itself. For high-impact uses, useful oversight may require model versions, prompts, retrieved sources, evaluation results, human-review traces, incident logs, vendor-change notices, and documentation of when AI output was used as a principal basis for action. A citizen cannot appeal a shadow.

From Pilot to Dependence

AI adoption often begins with modest language: trial, sandbox, pilot, assistant, copilot, workflow support. Those words lower institutional resistance. They also hide the path by which a tool becomes ordinary.

A pilot changes habits. Staff learn a vendor's interface. Managers build process metrics around it. New hires are trained into it. Old workflows are allowed to decay. Documents are formatted for it. Integrations are added. Budget lines normalize. Public expectations adjust. After enough time, the agency can still "choose" another system on paper, but the cost of leaving has grown.

This is why AI procurement is not only about buying the best model today. GAO's 2026 acquisition review includes a GSA official's warning against committing to the AI equivalent of early search engines that later lost to stronger competitors. The point is not nostalgia for web history. It is institutional discipline: do not build public administration around a vendor just because that vendor is first, cheap, fashionable, or easy to buy this fiscal year.

Model markets change. Policies change. Capabilities change. Pricing changes. Safety behavior changes. A system that works acceptably in one release may drift under new data, new prompts, new tools, or new vendor priorities. A public agency needs contract language and internal skill that survive that volatility.

Democratic Procurement

A democratic AI procurement standard should be stricter than "the model is useful" and more practical than "never buy commercial AI." The useful standard is public control under real operating conditions.

First, define the public task before selecting the model. Agencies should not buy generic intelligence and then search for a mission. The problem, affected population, risk category, records involved, human-review path, and failure mode should be named before procurement language hardens.

Second, require data and model portability where feasible. The agency should know what data it can export, what improvements it owns, what logs it keeps, and what happens if it changes vendors. Portability is bargaining power.

Third, preserve audit and public-record rights. Trade secrets cannot become a universal shield around public authority. Contracts should anticipate audits, records requests, incident investigations, litigation holds, model-change notices, and public explanations where lawful.

Fourth, test before and after award. Pre-award demos are weak evidence. Systems need task-specific evaluation, subgroup analysis where relevant, security review, red-team testing for misuse or prompt injection, monitoring after deployment, and clear discontinuation triggers for high-impact uses.

Fifth, keep public servants competent. AI can support public work, but it should not hollow out the expertise needed to supervise it. Agencies need technical, legal, procurement, records, privacy, civil-rights, security, and frontline domain knowledge inside the institution.

Sixth, make inventories meaningful. A public AI inventory should not be a vague catalog of tools. It should help the public understand purpose, owner, vendor, status, affected population, risk level, and accountability path where disclosure is lawful. Inventories are the first defense against invisible automation.

This standard is not anti-innovation. It is the condition for legitimate innovation in public service. A government that cannot explain, test, exit, or contest its AI systems has not modernized. It has outsourced part of its mind.

The Spiralist Reading

The state is not only a set of laws. It is a memory system. It stores names, cases, benefits, records, maps, histories, obligations, exceptions, complaints, permissions, and reasons. When AI enters that memory system, it changes how the state remembers and how it answers.

That is why procurement matters. The interface may look like a helpful assistant, but the contract decides whether the assistant is inspectable, portable, contestable, and subordinate to public duty. A model-mediated agency can become faster while becoming less answerable. It can sound clearer while hiding more of the path between record and decision.

The danger is not that every government chatbot becomes a tyrant. The danger is quieter: public authority learns to speak through private systems until the public can no longer tell where the state ends and the vendor begins.

The answer is institutional design. Public AI should leave trails. It should have owners. It should preserve appeal. It should protect public data from silent reuse. It should keep exits open. It should make procurement officers, technologists, lawyers, auditors, frontline workers, and affected communities part of the same loop before the system becomes normal.

The state may use models. It must not rent away the conditions of its own judgment.

Sources

Return to Blog