More than 85% of high-impact deployed AI use cases in the federal government's 2025 inventory lack required risk mitigation documentation, according to Brookings' April 2026 analysis. The documentation categories that are missing — pre-deployment testing, impact assessments, monitoring, appeals — don't even include identity governance, because the framework never asked about it.
The headline number you've seen is 3,611 use cases, a 105% increase. Federal CIO and CAIO Gregory Barbaccia called the growth evidence that agencies are "embracing responsible experimentation." The gap underneath that number is where your conversation lives.
The shadow IT discovery you already lived through
You remember the first time you ran discovery against a federal environment. The number that came back was wrong in the direction of more. More applications than anyone had documented. More access paths than anyone had approved. More users with more entitlements than any system owner had authorized. The scan surfaced what was already there.
The AI inventory is that discovery scan. Agencies reported what they're running, OMB collected it, and the aggregate picture is the first real view of AI deployment across the executive branch.
This is where your shadow IT intuition helps. This is where it starts to mislead you.
When your identity platform surfaced unknown applications, discovery was the first step in a sequence you already owned: discover, classify, assign ownership, define access policies, provision, audit. The discovery tool and the governance tool lived in the same system. Finding the application meant you were already standing inside the infrastructure that would govern it.
The AI inventory is a reporting exercise. Agencies fill out a template and submit it to OMB via GitHub. The governance infrastructure, if it exists at all, lives somewhere else entirely. Discovery happened. The governance loop never closed. And the template itself doesn't contain the fields that would close it.
What the inventory measures and what it doesn't
The seven minimum risk management practices under M-25-21 are:
- Pre-deployment testing
- AI impact assessments
- Ongoing monitoring
- Human training and assessment
- Human oversight and intervention
- Remedies and appeals
- End-user feedback
These are the categories agencies are supposed to document for high-impact use cases. Brookings found 85% of those use cases have incomplete documentation across them.
A precision note on that finding: Brookings analyst Valerie Wirtschafter is working from self-reported inventory data, not independent compliance audits. The 85% tells you agencies didn't fill in required fields. It doesn't tell you whether the risk mitigations exist operationally and just weren't reported, or whether they don't exist at all. Both are bad. They're bad in different ways. Your buyer will know the difference, so you should too.
Now look at those seven categories again. None of them require documentation of access controls, identity governance, provisioning records, or audit trails for AI systems. Who has access to the AI system, how that access was granted, who approved it, how it's reviewed: none of that is part of the framework OMB built.
The 85% documentation failure Brookings found isn't even measuring the identity layer. If agencies can't document pre-deployment testing for high-impact AI systems, the probability that they've separately documented access governance for those same systems is low. That's an inference, not a proven finding. But the inventory template doesn't have a field for it.
It gets sharper. The 2024 inventory template, as documented in the Federal Reserve's compliance materials, included a Section 4 that asked about hosting systems authorized to operate and "provisioning technology resources." OMB streamlined the 2025 template to reduce reporting burden. Those infrastructure fields got trimmed. The inventory moved away from access governance documentation while the documentation gap was widening.
What the compliance plans show
Maybe the agency compliance plans fill the gap the inventory doesn't. I looked.
DHS comes closest. Its September 2025 compliance plan describes continuous authorization of IT systems and an AI-as-a-Service gateway architecture with automated policy enforcement. The language about "real-time evidence generated by robust continuous monitoring programs" reads like someone in that building understands AI systems need the same authorization infrastructure as any other IT system. Directive 139-08 requires that data access related to AI use complies with standards for security, privacy, and auditability.
But even DHS frames this as platform architecture, not inventory documentation. The continuous authorization model and the AI use case inventory are parallel tracks. The compliance plan says "we're building a platform that will handle authorization." It does not say "for each inventoried AI use case, document the access control mechanism." Those are different governance postures. Only one produces the per-system documentation an auditor would want to see.
The pattern holds across other agencies. HHS established an AI Governance Board with cybersecurity and data governance representation but doesn't connect the inventory exercise to access control documentation. Multiple agencies, including HHS, State, Education, and GSA, didn't even include unique use case IDs in their 2025 submissions, per Brookings. If you can't uniquely identify the use case, you certainly can't map access controls to it. Everywhere I looked, the inventory lives in one organizational lane, identity and access governance lives in another, and nobody has wired them together.
The reclassification move
Agencies faced an April 3, 2026 deadline to bring high-impact AI use cases into compliance with M-25-21's minimum practices or discontinue use. According to FedScoop, several agencies responded by reclassifying high-impact use cases as non-high-impact. They reduced the documentation burden by changing the label.
You've seen this before. It's the equivalent of an application owner reclassifying a system as "low impact" to avoid ATO requirements they can't meet on schedule. Same system, same risk, different paperwork.
Brookings surfaced a specific example: two offices within DOJ listed what appears to be the same AI tool, the PATTERN recidivism prediction system using PII, with different risk classifications. One office called it high-impact. The other didn't. Neither provided additional details on risk mitigation practices.
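The three gaps described above (high-impact use cases with no documentation of the seven practices, submissions without unique use case IDs, and the same tool listed twice with different risk labels) are all things you can check mechanically once you have the inventory as a table. The script below is an added example, not code from the article, from Brookings, or from OMB: the column names are assumptions constructed to mirror the seven M-25-21 practices the article lists, and the rows are constructed samples, not real agency submissions. It also checks for access-governance columns the article says the template never carries, so the absence of that field is itself a reported finding.

```python
"""Data-quality checks over AI use case inventory records.

Added example, not the article's or OMB's code. Column names are assumed
(the 2025 template's real headers are not on the page); sample rows are
constructed and only echo the situations the article describes.
"""
import csv
import io
from collections import defaultdict

# The seven minimum practices from M-25-21, as the article lists them.
PRACTICE_FIELDS = [
    "pre_deployment_testing",
    "impact_assessment",
    "ongoing_monitoring",
    "human_training",
    "human_oversight",
    "remedies_and_appeals",
    "end_user_feedback",
]

# Access-governance columns an identity engineer would want. Assumed names,
# used only to report that the template does not carry them at all.
ACCESS_FIELDS = [
    "access_control_mechanism",
    "access_owner",
    "provisioning_record",
    "audit_trail",
]

# Constructed sample inventory (not real submissions). The two DOJ rows mirror
# the article's example of one tool listed twice with different risk labels;
# the two rows with an empty use_case_id mirror the missing-ID finding.
SAMPLE_CSV = """use_case_id,agency,office,use_case_name,risk_classification,pre_deployment_testing,impact_assessment,ongoing_monitoring,human_training,human_oversight,remedies_and_appeals,end_user_feedback
DOJ-0001,DOJ,Office A,PATTERN recidivism prediction,high-impact,,,,,,,
,DOJ,Office B,PATTERN recidivism prediction,not high-impact,,,,,,,
NASA-0007,NASA,Science,Mars Rover data analysis,not high-impact,yes,,,,,,
DHS-0042,DHS,CISA,Document triage assistant,high-impact,yes,yes,yes,yes,yes,yes,yes
,HHS,CMS,Claims summarization,high-impact,yes,yes,,,yes,,
"""


def load_inventory(text):
    """Parse CSV text into a list of row dicts keyed by header."""
    return list(csv.DictReader(io.StringIO(text)))


def missing_unique_ids(rows):
    """Rows that cannot be referenced because use_case_id is blank."""
    return [r for r in rows if not (r.get("use_case_id") or "").strip()]


def incomplete_high_impact(rows):
    """High-impact rows lacking any practice field -> {row key: [missing fields]}."""
    out = {}
    for r in rows:
        if r.get("risk_classification") != "high-impact":
            continue
        missing = [f for f in PRACTICE_FIELDS if not (r.get(f) or "").strip()]
        if missing:
            # Fall back to agency/office/name when the ID itself is missing.
            key = (r.get("use_case_id") or "").strip() or (
                f"{r['agency']}/{r['office']}/{r['use_case_name']}"
            )
            out[key] = missing
    return out


def conflicting_classifications(rows):
    """Same agency + use case name carrying more than one risk classification."""
    seen = defaultdict(set)
    for r in rows:
        seen[(r["agency"], r["use_case_name"])].add(r["risk_classification"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


def absent_access_fields(rows):
    """Access-governance columns the template does not carry at all."""
    columns = set(rows[0].keys()) if rows else set()
    return [f for f in ACCESS_FIELDS if f not in columns]


def summarize(text=SAMPLE_CSV):
    """Run every check and return the counts an auditor would ask for first."""
    rows = load_inventory(text)
    high = [r for r in rows if r.get("risk_classification") == "high-impact"]
    return {
        "total": len(rows),
        "missing_ids": len(missing_unique_ids(rows)),
        "high_impact": len(high),
        "high_impact_incomplete": len(incomplete_high_impact(rows)),
        "conflicts": conflicting_classifications(rows),
        "absent_access_fields": absent_access_fields(rows),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

On the constructed sample this reports two rows without IDs, two of three high-impact rows incomplete, one DOJ conflict, and all four access-governance columns absent. The conflict check keys on agency plus use case name precisely because, as the article notes, you cannot key on an ID that several agencies never supplied.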
Where Barbaccia is looking
Barbaccia's framing at AI & Data Exchange 2026 was optimistic and deliberately forward-leaning. He highlighted scientific use cases: NASA analyzing Mars Rover data, DOE accelerating new material development. On workforce impact, he was specific:
"It's very frustrating when you come into federal service and you don't necessarily have access to the tools you do in your private life, so we're trying to automate away some of these mundane, repetitive tasks."
His goal over the next year is to get agencies sharing use cases and eliminating AI silos. He has indicated he wants to move away from "overprescriptive, compliance-based" regimes that prioritize paperwork over results.
He did not address the 85% documentation gap. He did not mention governance maturity, documentation completeness, or access controls. Worth noting: Barbaccia's public statements carry a performative dimension. They signal where leadership wants attention directed. Evidence of outcomes lives elsewhere. That's how federal CIO communications work. The person overseeing both the federal CIO and CAIO functions is publicly framing the inventory as a success metric while Brookings is reading the same data as evidence of a governance vacuum. Both readings are defensible. Your discovery conversation starts in the space between them.
What to ask in the room
The inventory gives you specific, grounded territory for CAIO and CIO conversations. These are questions you can bring into the room.
On the inventory process: How did your agency prepare its 2025 submission? Did the process surface AI tools or use cases that weren't previously documented?
On access documentation: For the AI use cases in your inventory, is there a documented access control mechanism for each one? Who owns the identity layer for inventoried AI systems: the AI program office, the CISO, the system owner?
On the gap between inventory and governance: Your compliance plan addresses AI governance at the platform level. Does your inventory connect individual use cases to specific access policies, provisioning records, or audit trails?
On the April deadline: How many of your high-impact use cases were brought into compliance by April 3? For the ones that were reclassified, what changed: the system or the label?
On what's next: OMB streamlined the inventory template this year. If they add fields next year, what do you expect them to ask for?
That last question does the most work. OMB asked about provisioning once, in 2024, and then took it out. The question of who has access to these AI systems, and how that access is governed, hasn't landed in the right field on the right form yet. The federal government completed its most comprehensive AI discovery scan to date and found that for the vast majority of consequential use cases, basic governance documentation is incomplete. The documentation it's missing doesn't even include the identity layer. Someone has to ask the questions the inventory didn't.
Things to follow up on...
- OMB M-26-10 enforcement: The new memo requiring CIOs to submit contract data for all IT purchases, including AI, to OMB starting this month is essentially FITARA applied to AI procurement and could force the spending visibility the inventory doesn't provide.
- DHS continuous authorization rollout: DHS's compliance plan committed to a continuous authorization model for AI systems with automated policy enforcement, making it the agency most likely to close the gap between inventory and identity governance first.
- Shadow AI authentication patterns: The Verizon 2025 DBIR found that 72% of employees accessing generative AI at work authenticate with personal, non-corporate email accounts, which means the inventory's blind spot on access governance has a measurable authentication-layer signal agencies could already be checking.
- The CAIO Council subgroups: Barbaccia referenced Chief AI Council subgroups examining responsible deployment practices and model orchestration across agencies, and any published outputs from those groups would signal whether identity governance is entering the conversation at the interagency level.
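The shadow AI authentication item above is the one follow-up that an agency can act on with data it already has: sign-in or proxy logs for generative AI services show which identity each session used. The script below is an added example, not code from the article or from the Verizon DBIR. The log format, the application identifiers, the agency domain and the list of consumer email providers are all constructed assumptions; swap in your identity provider's export and your own domains.

```python
"""Measure the personal-identity share of generative AI sign-ins.

Added example, not from the article or the DBIR. The NDJSON event shape,
the app names and the domain lists are assumptions constructed for the
demonstration; the sample events are constructed, not captured.
"""
import json
from collections import Counter

AGENCY_DOMAINS = {"example.gov"}  # assumed enterprise identity domains
PERSONAL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "icloud.com"}  # assumed
AI_APPS = {"chatgpt", "claude", "gemini", "copilot"}  # assumed app ids in the log

# Constructed sample of identity-provider / proxy sign-in events, one JSON
# object per line. The last line is deliberately malformed to exercise parsing.
SAMPLE_LOG = """\
{"ts":"2026-04-10T13:02:11Z","user":"jsmith@example.gov","app":"copilot","result":"success"}
{"ts":"2026-04-10T13:05:40Z","user":"jane.doe@gmail.com","app":"chatgpt","result":"success"}
{"ts":"2026-04-10T13:07:02Z","user":"rlee@example.gov","app":"sharepoint","result":"success"}
{"ts":"2026-04-10T13:09:55Z","user":"tthompson@outlook.com","app":"claude","result":"success"}
{"ts":"2026-04-10T13:12:19Z","user":"mwang@example.gov","app":"gemini","result":"success"}
{"ts":"2026-04-10T13:15:03Z","user":"contractor@vendor-example.com","app":"chatgpt","result":"success"}
not a json line
"""


def classify_identity(user):
    """Bucket an account by its email domain: enterprise, personal, or unknown."""
    domain = user.rsplit("@", 1)[-1].lower() if "@" in user else ""
    if domain in AGENCY_DOMAINS:
        return "enterprise"
    if domain in PERSONAL_DOMAINS:
        return "personal"
    return "unknown"


def parse_events(text):
    """Parse NDJSON, skipping blank or malformed lines instead of aborting."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def ai_access_report(text=SAMPLE_LOG):
    """Successful sign-ins to AI apps, broken down by identity class."""
    events = [
        e for e in parse_events(text)
        if e.get("app") in AI_APPS and e.get("result") == "success"
    ]
    by_class = Counter(classify_identity(e.get("user", "")) for e in events)
    # Anything that is not an enterprise identity is worth a governance look,
    # whether it is a consumer account or a domain nobody has classified yet.
    flagged = [e for e in events if classify_identity(e.get("user", "")) != "enterprise"]
    total = len(events)
    return {
        "ai_signins": total,
        "by_identity": dict(by_class),
        "personal_share": (by_class["personal"] / total) if total else 0.0,
        "flagged": flagged,
    }


if __name__ == "__main__":
    report = ai_access_report()
    print(f"AI sign-ins: {report['ai_signins']}, breakdown: {report['by_identity']}")
    print(f"personal-identity share: {report['personal_share']:.0%}")
    for e in report["flagged"]:
        print(f"  flag {e['ts']} {e['user']} -> {e['app']}")
```

The "unknown" bucket matters as much as the "personal" one: a contractor domain that nobody has mapped to a provisioning record is exactly the kind of access path the inventory template has no field for.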