AI in Defense Contracting Triggers New Legal and Compliance Risks

Sources: Lex Blog, National Law Review

AI’s deepening role in defense contracting is exposing companies to new legal and compliance risks.

Why it matters: Legal teams must quickly identify and manage AI-related risks, including FCA exposure, supply chain bans, and cybersecurity rules, to avoid multimillion-dollar penalties or contract disqualification in a rapidly evolving regulatory climate.

  • L3 Technologies paid $62 million to settle FCA violations tied to incorrect cost disclosures.
  • Insitu Inc. resolved FCA allegations for $25 million over knowingly false pricing data in UAV contracts.
  • Aero Turbine Inc. and Gallant Capital Partners LLC settled FCA claims for $1.75 million tied to cybersecurity non-compliance.
  • The 2026 NDAA bans AI from North Korea, China, Russia, and Iran in defense supply chains.

The rapid integration of artificial intelligence into the U.S. defense sector is triggering a wave of novel legal and compliance obligations for government contractors.

  • Recent multi-million dollar False Claims Act (FCA) settlements have spotlighted the costs of non-compliance—even before AI became foundational in defense acquisition and contract administration.
  • L3 Technologies’ $62 million settlement centered on failing to disclose correct cost and pricing data; Insitu Inc. paid $25 million for similar allegations.
  • “We expect companies that seek to do business with the government to provide complete and accurate information so contract prices can be negotiated on a level playing field,” said Jeffrey Bossert Clark, Acting Assistant Attorney General at the DOJ.

The stakes are higher for AI-related compliance. The 2026 National Defense Authorization Act bans AI technologies developed by entities from North Korea, China, Russia, and Iran in defense contracts, extending False Claims Act liability across the entire supply chain.

  • Aero Turbine Inc. and Gallant Capital Partners LLC agreed to a $1.75 million FCA settlement for failing to comply with contract cybersecurity requirements. As Brett A. Shumate of the DOJ affirmed: “Government contractors must follow required cybersecurity standards to protect sensitive defense information.”

Supply chain scrutiny is intensifying as well, with the Pentagon designating AI provider Anthropic as a risk, causing its technology to be dropped by federal agencies.

In parallel, the Department of Defense is actively developing an AI and machine learning security framework that will integrate into defense acquisition and cybersecurity programs.

By the numbers:

  • $62M — L3 Technologies FCA settlement for pricing data violations
  • $25M — Insitu Inc. settlement for knowingly providing false cost data
  • $1.75M — Aero Turbine Inc. and Gallant Capital settlement for cybersecurity non-compliance

Yes, but: Details on the Defense Department’s forthcoming AI security framework remain limited, leaving some uncertainty for compliance teams.

What's next: Contractors are awaiting final rules on AI cybersecurity and supply chain requirements from the Defense Department.