The U.S. military's plan for artificial intelligence does not assume a stable internet connection. It assumes the opposite. The systems the Department of Defense is fielding are built to keep working when the network is jammed, degraded, or gone — and the AI riding on those systems has to keep working too. That single design constraint quietly breaks most of how AI governance is done today.
DDIL Is the Default, Not the Exception
In a September 2025 post, Google Public Sector described the requirement in the DoD's own framing: "For today's mission owner, operating effectively in denied, degraded, intermittent, and limited bandwidth (DDIL) environments is paramount. The Department of Defense's strategy requires smaller, dispersed teams to function autonomously, creating a critical need for secure AI and data processing at the edge."
DDIL — denied, degraded, intermittent, and limited bandwidth — is the connectivity reality of contested operations. Links get jammed, satellites drop, bandwidth shrinks to a trickle. The cloud services that an application leans on in garrison simply are not there at the forward edge. For AI, that is not an edge case. It is the operating environment.
The DoD has already put this to the test with live AI workloads. At Mobility Guardian 2025 — Air Mobility Command's (AMC) premier readiness exercise — the Air Force, Google Public Sector, and General Dynamics Information Technology (GDIT) deployed a Google Distributed Cloud (GDC) air-gapped appliance that, per Google, "successfully demonstrated its ability to generate critical intelligence and AI-powered insights in a disconnected environment." It ran a "secure, disconnected IL2 collaboration platform," processed air-defense data at the edge for real-time flight-path tracking, and stood up an AI tele-maintenance assistant from technical manuals — all without reach-back to the cloud.
Then came the detail that matters most for governance. Google reported the exercise "validated a complete workflow – from operating autonomously at the edge to syncing seamlessly back to the core network once connectivity was restored." The work happened locally. The record reconciled later. Hold onto that pattern.
When the Link Drops, Cloud-Based Governance Goes Dark
Most AI governance assumes a callback. The data-loss-prevention engine, the logging pipeline, the policy console — they live in a data center, and the endpoint phones home to ask permission and to report what happened. That architecture is fine in an office. In a DDIL environment it fails at exactly the moment it matters most.
When the network is denied or degraded, a governance layer that depends on a round-trip has two bad options: fail open and let the AI do whatever it wants ungoverned, or fail closed and take the mission-critical AI offline. Neither is acceptable when an analyst has minutes to produce an intelligence summary and the alternative is no decision support at all. The governance can't be the reason the AI goes dark — but ungoverned AI handling sensitive data at the edge is its own unacceptable risk.
The DoD Already Said AI Has to Be Governable
This is not a problem the Pentagon has overlooked. On November 14, 2023, the DoD Chief Digital and Artificial Intelligence Office (CDAO) publicly released the Responsible Artificial Intelligence (RAI) Toolkit, described as "a key deliverable of the DoD RAI Strategy & Implementation Pathway (RAI S&I Pathway), signed June 2022, by Deputy Secretary of Defense (DSD) Kathleen Hicks." That pathway, the release explains, "spells out 64 lines of effort for operationalizing the Department of Defense's AI Ethical Principles, including developing technical tools and guidance to help DoD personnel design, develop, deploy, and use AI systems responsibly."
CDAO chief Craig Martell put the bar plainly: "Responsible AI is foundational for anything that the DoD builds and ships." The office committed to "establish processes to design and employ human fail-safes in AI development and deployment."
Here's the tension. Human fail-safes, traceability, and policy enforcement are easy to promise from a console with a live connection. They are hard to keep when the connection is the first casualty of the fight. An AI system can only be governable at the edge if the governance itself is built to run at the edge.
The Control That Survives Disconnection Is the Data Boundary
There is one place governance can live that does not depend on a network round-trip: the boundary where data crosses into the model. Every prompt, every retrieval, every model response passes through that boundary. A control that sits there — and makes its decision there — does not need to call anyone.
A policy decision made at the data boundary is a local computation: block this prompt, redact that field, allow this query, write this line to the audit log. It runs whether or not the satellite link is up. Two properties make a boundary control DDIL-ready:
- Deterministic. The same input yields the same policy outcome every time, with no dependency on a remote model or a remote rules service that may be unreachable. The enforcement is a rule evaluated locally, not a question asked of the cloud.
- Local and buffered. The audit record is written where the action happens and reconciled when connectivity returns — the same "operating autonomously at the edge" then "syncing seamlessly back to the core network once connectivity was restored" pattern Google validated at Mobility Guardian. The evidence is never lost just because the link was down when it was generated.
Governing the model — its weights, its training, its alignment — is necessary but not sufficient. At the edge, the variable you can actually control in the field is the data crossing the boundary. That is the layer that determines whether sensitive information leaves, whether a policy is enforced, and whether there is an audit trail to show for it when the after-action review comes.
What This Means for Programs Building Edge AI
If you are fielding AI into DDIL conditions, treat governance as a co-located component of the system, not a cloud service it calls. Decisions enforced at the data boundary, policy that evaluates without reach-back, and audit logs that buffer locally and sync on reconnect are the properties that keep AI both useful and governable when the network is contested. Build them in before deployment — retrofitting governance onto a forward-deployed system after it ships is far harder than designing the boundary in from the start.
The DoD's strategy already committed to AI that works disconnected. The governance has to clear the same bar.
Containment.AI enforces AI governance policies at the data boundary in real time — monitoring AI sessions, enforcing policy at the point data crosses into the model, and generating the audit evidence reviewers expect. The data-boundary model is the architecture that points toward the edge: the decision happens where the data is, not at a console an ocean away. See how it works for defense →