On January 9, 2026, the Department of War released its Artificial Intelligence Strategy for the Department of War — an order to build an "AI-first" warfighting force at "wartime speed." As Covington's Inside Government Contracts summarized, the memo launches seven Pace-Setting Projects, including GenAI.mil — the "utilization of AI models by civilian and military personnel at all classification levels" — and Enterprise Agents to push commercial frontier models into defense workflows faster than ever.
For the defense industrial base, the message landed: adopt AI now. The proposal team is already drafting technical volumes in ChatGPT. The engineering team is summarizing test reports in Copilot.
There is a second regulator that never got the AI-first memo. Its name is ITAR, and it can treat that workflow as an export.
A separate regime from CMMC — with separate enforcement
Most defense contractors are scoping their AI use against CMMC and DFARS. But the International Traffic in Arms Regulations are a different regime entirely, enforced by the State Department's Directorate of Defense Trade Controls (DDTC) — not DoD. As the Law Reform Institute's Joe Khawam and Tim Schnabel explain in Just Security, ITAR's definition of "technical data" turns on functional content: it covers "information necessary for the design, development, operation, or production of defense articles—without regard to whether that information was produced by a human engineer, photocopied from a blueprint, or synthesized by an AI model."
When an engineer pastes a component specification covered by the U.S. Munitions List into a commercial chatbot, that technical data leaves the contractor's controlled boundary and reaches a system whose infrastructure and workforce the contractor does not control. ITAR treats the disclosure of controlled technical data to a foreign person — even one located inside the United States — as a "deemed export." A clean CMMC assessment provides no shelter: these are separate authorities with separate enforcement.
This is not hypothetical
The Law Reform Institute tested it directly. Working with an ITAR expert who previously conducted commodity jurisdiction analyses for DDTC, researchers assessed whether public frontier models could generate ITAR-controlled technical data. The finding: "Models from four leading U.S. developers were tested across several categories of defense articles on the ITAR's U.S. Munitions List. Every tested model produced such information in at least one category."
And the agencies responsible — DDTC for ITAR, the Commerce Department's Bureau of Industry and Security (BIS) for the Export Administration Regulations — "have yet to address this challenge with authoritative guidance. The result is a policy vacuum." Contractors are operating in that vacuum every day.
ITAR's reach does not stop at static files. As Georgetown's CSET researchers Emily Weinstein and Kevin Wolf note, the regulations also govern the provision of "defense services" — so if a U.S. person were to use an AI system "to help a foreign person develop a better weapons system, that act — even when the underlying AI technology were not controlled — would already be prohibited if without an authorization." Violating these controls "can result in significant civil or criminal penalties."
The forensic problem nobody budgeted for
Whether a transfer is lawful depends on facts the model never sees. As Just Security lays out: "A transfer to a Canadian citizen in Canada may require no license; the identical transfer to a South African national in the United States may trigger 'deemed export' controls; the same transfer to a Russian national in Russia may be prohibited entirely." A chatbot cannot verify a user's nationality, and users can falsify it.
Worse, when controlled data leaves through a chat window rather than the traditional channels — "traceable shipments, emails, or physical meetings" — it "leaves minimal independently discoverable forensic evidence." That is the part that should worry a compliance officer most. If you cannot see what controlled data crossed the boundary, you cannot license it, you cannot report it, and you cannot prove to an auditor that it never happened.
The control lives at the data boundary, not the model
The established compliance mechanism for internal AI use is the Technology Control Plan — "the same framework used successfully across research universities, national laboratories, and the defense industrial base." A TCP for AI, Just Security notes, "would include comprehensive logging of internal model interactions, personnel screening protocols, and information security measures protecting digital access."
Notice where that control sits. It is not inside the model — you do not control OpenAI's weights or Microsoft's data centers. It sits between your workforce and the model, at the point where data is about to cross the boundary. That is the only place you can inspect a prompt for USML-classified content, block the prompts that should not leave, tie each interaction to a verified person, and produce the tamper-evident log a DDTC inquiry or a CMMC assessor will demand.
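A boundary control of the kind described above, as an added example that is not Containment.AI's code or any vendor's: each prompt is inspected, the decision is tied to a user, and entries are HMAC-chained so that edits and deletions are detectable. The marking list, field names, key handling and sample traffic are assumptions constructed for illustration; matching on marking strings is a stand-in for real USML classification.

```python
import hashlib, hmac, json

# Assumption: controlled documents carry one of these markings. Real USML
# classification needs more than string matching; this is a stand-in rule.
MARKINGS = ("ITAR", "USML", "EXPORT CONTROLLED")
GENESIS = "0" * 64

def decide(prompt):
    """Return 'block' if the prompt carries a control marking, else 'allow'."""
    upper = prompt.upper()
    return "block" if any(m in upper for m in MARKINGS) else "allow"

def _digest(body, key):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def append(log, key, user, destination, prompt, ts):
    """Inspect a prompt, record the decision, and chain it to the previous entry."""
    body = {
        "ts": ts, "user": user, "dest": destination,  # user: assumed to come from SSO
        "decision": decide(prompt),
        # Store a hash, not the prompt, so the log is not a second copy of the data.
        "prompt_sha256": hashlib.sha256(prompt.encode()).hexdigest(),
        "prev": log[-1]["mac"] if log else GENESIS,
    }
    log.append({**body, "mac": _digest(body, key)})
    return body["decision"]

def verify(log, key):
    """Return the index of the first broken entry, or -1 if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "mac"}
        if body["prev"] != prev or not hmac.compare_digest(entry["mac"], _digest(body, key)):
            return i
        prev = entry["mac"]
    return -1

# Constructed sample traffic (not real data).
KEY = b"constructed-demo-key"
LOG = []
append(LOG, KEY, "jdoe", "chat.example", "Summarize this meeting agenda", 1)
append(LOG, KEY, "asmith", "chat.example", "ITAR Controlled: actuator tolerance spec ...", 2)
append(LOG, KEY, "jdoe", "chat.example", "Draft a thank-you note", 3)
```

The chain alone does not reveal truncation from the end; recording the latest `mac` somewhere the log writer cannot modify closes that gap.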
Where Containment.AI fits
Containment.AI enforces AI governance policy in real time at exactly that boundary — at the proxy layer and in the browser, with an admin dashboard for audit. Policies you configure inspect what your workforce is about to send to ChatGPT, Copilot, Gemini, or any LLM; block sensitive technical data before it leaves; and generate the attribution-complete record that turns "we think no one pasted a spec into a chatbot" into evidence.
The Pentagon's AI-first order is not slowing down, and neither is the rate at which controlled technical data finds its way into a prompt. The contractors who stay out of an export-control headline will be the ones who governed the data boundary before DDTC issued its first piece of AI guidance — not after.