CMMC for AI: Integrating Cybersecurity with AI Governance
The United States Department of Defense is in the midst of one of the most consequential cybersecurity overhauls in modern history. The Cybersecurity Maturity Model Certification, or CMMC, is transforming how defense contractors—and the vast ecosystems of subcontractors that support them—protect sensitive information and demonstrate security maturity. But as artificial intelligence systems increasingly power defense applications, from predictive maintenance and autonomous logistics to intelligence analysis and battlefield decision support, a critical question has emerged: how does CMMC apply to AI?
The answer is that CMMC applies with full force and then some. AI systems do not exist in a regulatory vacuum. They process controlled unclassified information (CUI), interface with federal contracting networks and introduce attack surfaces that traditional cybersecurity frameworks were never designed to address. For defense contractors, system integrators and AI vendors, the intersection of CMMC and AI governance is no longer a niche concern. It is a board-level imperative.
At CSOAI, we have spent years building CSOAI certification as the global standard for AI safety. Through our work with defense enterprises and our Enterprise Governance programs, we have developed deep expertise in the convergence of cybersecurity compliance and AI governance. This article provides a comprehensive guide to that convergence: what CMMC requires, how AI systems introduce unique risks and how organizations can build an integrated compliance strategy that satisfies both CMMC auditors and AI safety stakeholders.
Understanding CMMC: The Three Levels
CMMC 2.0, the current version of the framework, establishes three levels of cybersecurity maturity that contractors must achieve depending on the sensitivity of the information they handle and the nature of their defense contracts. Each level builds on the last and each has direct implications for how AI systems must be designed, deployed and governed.
CMMC Level 1: Foundational Safeguarding
Level 1 focuses on basic cyber hygiene and applies to contractors who handle federal contract information (FCI) but not CUI. The requirements align with the 17 controls specified in 48 CFR 52.204-21. For AI systems, Level 1 means ensuring that any system touching FCI has baseline access controls, acceptable use policies and physical security measures. While relatively light, Level 1 sets the floor: even experimental AI prototypes used in defense contexts must not be hosted on unsecured infrastructure or trained on unprotected datasets.
CMMC Level 2: Advanced Protection
Level 2 is where most defense contractors operate. It aligns with the 110 security requirements of NIST SP 800-171 Rev. 2 and applies to organizations that process, store, or transmit CUI. For AI systems, Level 2 is transformative. It demands access control, audit logging, configuration management, encryption, incident response and risk assessment—all applied to the AI lifecycle from data ingestion to model retirement.
Importantly, Level 2 requires organizations to document how they protect CUI not only in production systems but also in development and training environments. For machine learning teams, this means that training datasets containing CUI must be encrypted at rest and in transit, model development environments must be segmented from general corporate networks and any cloud services used for AI workloads must meet FedRAMP authorization standards.
CMMC Level 3: Expert-Level Security
Level 3 is reserved for contractors working on the most critical defense programs. It adds requirements from NIST SP 800-172, emphasizing advanced persistent threat (APT) resistance, enhanced supply chain scrutiny and proactive threat hunting. AI systems at Level 3 must demonstrate not only compliance but resilience: the ability to detect, withstand and recover from sophisticated adversarial campaigns.
At this level, AI-specific risks become central. Adversaries may attempt to poison training data, exfiltrate model weights, launch inference-time evasion attacks, or exploit prompt injection vulnerabilities in large language models. CMMC Level 3 does not explicitly list every AI attack vector, but its requirements for anomaly detection, supply chain integrity and continuous monitoring create the structural conditions under which AI security can be rigorously enforced.
Why AI Systems Amplify CMMC Risk
Artificial intelligence is not just another software application. It is a fundamentally different kind of technology with fundamentally different risk characteristics. Understanding these characteristics is essential for any organization trying to map CMMC controls onto AI operations.
Data intensity. AI systems are voracious consumers of data. The datasets used to train, validate and fine-tune models are often orders of magnitude larger than the codebases themselves. This creates an enormous attack surface for data exfiltration, unauthorized access and insider threats. Under CMMC, protecting these datasets requires granular access controls, data loss prevention tools and rigorous classification practices.
Opacity and explainability gaps. Many advanced AI models, particularly deep neural networks, operate as "black boxes." It can be difficult to explain exactly how a model arrived at a particular decision. This opacity conflicts with CMMC requirements for audit logging, incident analysis and forensic investigation. Organizations must implement model monitoring, explainability tools and decision-tracing mechanisms to satisfy both AI governance and cybersecurity audit expectations.
Supply chain complexity. Modern AI development relies on a global supply chain of pre-trained models, open-source frameworks, cloud inference APIs and third-party data brokers. Each of these dependencies introduces potential vulnerabilities. CMMC Level 2 and Level 3 place heavy emphasis on supply chain risk management, requiring organizations to vet subcontractors, assess software bills of materials (SBOMs) and monitor for vulnerabilities in dependencies.
Adversarial robustness. AI systems can be attacked in ways that traditional software cannot. Adversarial examples can fool computer vision models. Prompt injection can manipulate large language models into leaking sensitive information. Model inversion can reconstruct training data from model outputs. CMMC does not yet have dedicated AI adversarial controls, but its requirements for security testing, vulnerability management and anomaly detection provide the scaffolding on which AI-specific defenses must be built.
Continuous evolution. Unlike traditional software that is released in discrete versions, many AI systems evolve continuously through online learning, feedback loops and automated retraining pipelines. This dynamism makes it difficult to maintain a stable security baseline. CMMC requires configuration management and change control, which means AI teams must document model versions, track training data provenance and implement approval workflows for model updates.
AI-Specific Security Controls for CMMC Environments
While CMMC provides a strong cybersecurity foundation, it does not address every AI-specific risk. Leading defense contractors are supplementing CMMC with AI governance controls drawn from frameworks such as the NIST AI Risk Management Framework, ISO/IEC 42001 and CSOAI’s own 52-Article Charter. The following controls are rapidly becoming standard practice in CMMC-certified AI programs:
- Training data protection: Implement strict access controls, encryption and integrity checks for all datasets. Use data provenance tracking to ensure that CUI is not inadvertently included in open-source or commercial training corpora.
- Model extraction defense: Deploy rate limiting, output perturbation and query monitoring to prevent adversaries from stealing model weights or reconstructing training data through repeated API calls.
- Inference anomaly detection: Monitor production inference traffic for signs of adversarial input patterns, prompt injection attempts, or unusual usage that could indicate an attack in progress.
- Secure deployment pipelines: Apply DevSecOps practices to machine learning operations (MLOps), including automated vulnerability scanning, container hardening and immutable model registries.
- Red teaming and adversarial testing: Conduct regular adversarial simulations against AI systems to identify failure modes before adversaries do. Document findings and remediation actions for auditor review.
- Human-in-the-loop governance: For high-stakes AI decisions, implement human oversight mechanisms that cannot be bypassed by model outputs. This aligns with both AI ethics principles and CMMC requirements for access control and accountability.
CSOAI’s CSOAI Level 3 certification explicitly addresses these requirements, providing defense contractors with a ready-made AI governance framework that maps cleanly onto CMMC expectations. Organizations that achieve both CSOAI Level 3 and CMMC Level 2 or 3 are well-positioned to demonstrate comprehensive, end-to-end security and governance maturity.
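An added example, not part of the original article or of any CSOAI or CMMC tooling: one way to make the change-control requirement (documented model versions, training data provenance, approval for updates) and the integrity-check and registry controls listed above checkable at deploy time. The class and function names, the approver field and the sample artifacts are assumptions constructed for illustration; an in-memory hash chain only makes tampering detectable, so a real registry would also need write-once storage or signed records.

```python
import hashlib
import json

def digest(obj) -> str:
    """SHA-256 of raw bytes, or of a canonical JSON encoding for dicts."""
    raw = obj if isinstance(obj, bytes) else json.dumps(obj, sort_keys=True).encode()
    return hashlib.sha256(raw).hexdigest()

def dataset_root(files: dict) -> str:
    """One digest committing to every training file's name and content."""
    return digest({name: digest(blob) for name, blob in files.items()})

class ModelRegistry:
    """Append-only log; each record commits to the hash of the one before it."""
    GENESIS = "0" * 64

    def __init__(self):
        self.records = []

    def register(self, version, model, files, approver):
        if not approver:
            raise ValueError("model update requires a named approver")
        rec = {"version": version, "model": digest(model),
               "dataset": dataset_root(files), "approver": approver,
               "prev": self.records[-1]["hash"] if self.records else self.GENESIS}
        rec["hash"] = digest(rec)  # computed before the "hash" key is added
        self.records.append(rec)
        return rec

    def chain_ok(self) -> bool:
        prev = self.GENESIS
        for rec in self.records:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec["prev"] != prev or digest(body) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True

    def deploy_blockers(self, version, model, files) -> list:
        """Reasons to refuse deployment; an empty list means the artifact matches."""
        rec = next((r for r in self.records if r["version"] == version), None)
        if rec is None:
            return ["version not registered"]
        reasons = [] if self.chain_ok() else ["registry chain broken"]
        if digest(model) != rec["model"]:
            reasons.append("model differs from registered hash")
        if dataset_root(files) != rec["dataset"]:
            reasons.append("training data differs from registered manifest")
        return reasons

# Constructed sample artifacts (not real data).
FILES = {"train.csv": b"id,label\n1,0\n2,1\n", "val.csv": b"id,label\n3,1\n"}
MODEL = b"\x00constructed-model-weights\x01"
```

The list returned by `deploy_blockers` can be written to the audit log as the reason a deployment was refused, which gives an assessor a concrete record of the control operating.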
Building an Integrated Compliance Strategy
Pursuing CMMC and AI governance certification in parallel can feel overwhelming. The documentation demands are substantial, the stakeholder groups are diverse and the technical requirements can seem to pull in different directions. But in practice, there is significant overlap between the two domains. The key is to build an integrated compliance strategy that unifies evidence collection, risk assessment and auditing processes under a single governance operating system.
Start with a unified risk register. Rather than maintaining separate cybersecurity and AI risk registers, organizations should map AI-specific risks—data poisoning, model theft, adversarial evasion—into the same framework used for CMMC risk management. This ensures that controls are coordinated, gaps are visible and resources are allocated efficiently.
Next, align policies and procedures. Many CMMC-required policies, such as incident response plans and configuration management procedures, can be extended to cover AI systems with relatively modest amendments. The goal is not to create a parallel policy universe but to embed AI governance into existing cybersecurity workflows.
Finally, pursue integrated assessments. CSOAI offers integrated assessment pathways that allow organizations to satisfy CSOAI and CMMC requirements through a coordinated audit program. By using shared evidence, common interviews and aligned testing schedules, these pathways can reduce total audit burden by 30 to 50 percent while improving the consistency of findings.
The Procurement Imperative
For prime contractors, the CMMC-AI convergence is also a supply chain issue. The Department of Defense has made clear that CMMC compliance will flow down to subcontractors at all tiers. If a prime contractor uses an AI vendor that is not CMMC-compliant, the prime’s own certification is at risk. This creates powerful market pressure for AI vendors to achieve not only product excellence but also security and governance maturity.
Forward-thinking primes are now requiring their AI vendors to demonstrate both CMMC readiness and AI governance certification. Some are embedding these requirements into requests for proposals, contract vehicles and ongoing supplier scorecards. For AI vendors, the message is unambiguous: cybersecurity and AI governance are no longer separate domains. They are a single competitive threshold.
Conclusion: The New Standard
The integration of CMMC and AI governance represents more than a compliance challenge. It is a strategic opportunity for organizations that are willing to lead. By treating cybersecurity and AI safety as interdependent disciplines, defense contractors can build systems that are not only compliant but genuinely resilient. They can earn the trust of government customers, differentiate themselves in crowded markets and contribute to the responsible development of AI for national security.
CSOAI is committed to supporting this transition. Through our CSOAI certification programs, our Enterprise Governance platform and our defense sector case studies, we provide the frameworks, tools and expertise that organizations need to navigate the CMMC-AI landscape with confidence. The future of defense AI will be built on secure foundations. Let us help you lay them.