In letters sent to the heads of the departments of Commerce, Homeland Security, Education, Energy and others, Rep. Gerry Connolly, D-Va., wrote that if agencies are failing to ensure that AI vendors have adequate approval through programs like FedRAMP, then they risk violating the law. Connolly specifically pointed to the Privacy Act of 1974, the Federal Information Security Management Act (FISMA) and the E-Government Act of 2002. He also referenced the Advancing American AI Act, noting that agencies must keep a public inventory of current or planned uses.
The House Oversight ranking member also highlighted an analysis from the Cyber-Intelligence Brief that found government IP addresses linked to an AI product called Inventry.ai that was designed for supply chain management. The analysis found “indications of a ‘massive firehose of data being sent to the AI company’s servers’ likely connected to the disclosure of ED data to the company by DOGE team members,” Connolly’s letter stated.
The lawmaker wrote that Inventry.ai has not yet been approved for federal cloud use through the FedRAMP process.
“These actions demonstrate reckless AI misuse, blatant disregard for data privacy and a severe failure to maintain the cybersecurity of federal systems,” Connolly wrote.
Add new comment