GAO warns federal AI procurement is repeating the same mistakes

While U.S. government agencies are buying more AI tools across government, a new Government Accountability Office (GAO) report says key agencies still are not systematically collecting lessons learned from those acquisitions. And that limits their ability to reuse effective contract terms, strengthen testing practices, and avoid repeating mistakes as AI procurement expands, GAO said.

The report’s basic message is that agencies are already buying AI in many forms, but unless they build a more durable system for capturing procurement lessons, they will continue solving the same problems one acquisition at a time.

The April report, Artificial Intelligence Acquisitions: Agencies Should Collect and Apply Lessons Learned to Improve Future Procurements, reviewed 13 AI acquisitions at the Departments of Defense (DoD), Homeland Security (DHS), Veterans Affairs (VA), and the General Services Administration (GSA), and found agencies using a wide range of acquisition approaches as federal AI use reportedly more than doubled from 2023 to 2024.

GAO said agencies are acquiring AI through agency-directed and vendor-driven approaches, through Federal Acquisition Regulation-based contracts and other agreements, and often as a service rather than simply as a product.

GAO’s main concern is not that agencies lack AI activity. It is that they are still not consistently preserving what they learn from that activity.

The report says DoD, DHS, GSA, and VA were “not yet systematically collecting lessons learned from AI acquisitions,” even though the Office of Management and Budget (OMB) has said agencies should share knowledge and resources about AI acquisitions through a GSA-developed repository.

According to GAO, officials at those four agencies said they were not prepared to do so because their policies did not require collection of lessons learned.

GAO identified six main challenge areas agencies face when acquiring AI. Three are strategic: access to subject matter experts, protections for government data and intellectual property rights, and traditional acquisition time frames and contract approaches.

Three are programmatic: requirements definition and contract terms, early testing and continuous evaluation, and AI pricing and overall cost.

The report gives concrete examples of those problems. On data and IP rights, GAO found that Federal Emergency Management Agency (FEMA) officials could not share certain geospatial model outputs with federal and state partners because the agency had not obtained the needed data rights at award.

National Geospatial-Intelligence Agency officials working on Maven, the Pentagon’s flagship AI project to integrate AI into military workflows, also reported difficulty determining what level of data and IP rights would be needed to preserve future competition.

Officials told GAO that for effective AI outcomes, “data is paramount.”

On testing and oversight, GAO says agencies have struggled with early testing and continuous evaluation because AI systems vary widely and can be difficult to assess.

GAO noted that OMB guidance says agencies should test proposed AI solutions before award and monitor them throughout the acquisition lifecycle, using validation and testing data not accessible to the vendor when conducting independent evaluations.

On cost, GAO found agencies often face uncertainty about AI pricing, including licensing and long-term infrastructure expenses. The report cites Army officials who said some proposed licensing fees for the XM-30 AI solution were around $300,000 per vehicle per year, and officials tied to Project Linchpin who warned that agencies often underestimate the ongoing infrastructure costs needed to sustain AI capabilities.

XM-30 is an optionally manned platform that maneuvers soldiers to a point of positional advantage to engage in close combat. Project Linchpin is a collaboration between the Army Futures Command’s AI Integration Center; Army Research Labs; Development Command; and the Chief Data and AI Office within the Office of the Secretary of Defense.

Privacy issues are addressed, but as part of the broader acquisition and governance framework rather than as the report’s central theme. GAO notes that OMB’s April 2025 guidance tells agencies to use cross-functional teams that include privacy expertise and to include contract terms addressing government data, intellectual property, privacy, and vendor lock-in.

The report also points to GSA’s USAi effort as an example where officials developed a privacy policy and contract language that set data ownership expectations and limited vendor access to chat interaction data.

GAO also shows what is lost when agencies fail to capture lessons learned. VA officials told GAO they retired the SoKAT suicide prevention solution in January 2023 after deciding it did not improve enough on existing tools to justify the added cost, but they did not document lessons from that effort.

FEMA officials likewise did not document feedback they gave a vendor about model weaknesses, including difficulty distinguishing between different types of dwellings.

GAO said those missed opportunities matter because other officials may later rely on the same contracts or vendors without access to that earlier knowledge.

GAO recommended that DoD, DHS, GSA, and VA update their policies to require officials to systematically collect lessons learned from AI acquisitions so they can be shared and applied by other agencies. All four agencies concurred.

Article Topics

GAO (Government Accountability Office)  |  government purchasing  |  procurement  |  U.S. AI policy  |  U.S. Government