What This Piece Is About, and What It Isn't
Ask who owns AI tool access governance at a mid-size civilian agency right now, and you'll get one of three answers. You'll get a name — usually someone who inherited the function informally when the person who was supposed to own it left. You'll get a committee, which means nobody owns it. Or you'll get a pause, followed by a redirect to the CAIO's office, which is itself frequently understaffed or operating in an acting capacity.
That pause is the signal. It tells you something specific about where identity accountability sits in that agency, and it's the thing you need to be listening for before you say anything about your product.
What Those Roles Were Actually Built to Do
Starting in 2023, federal agencies began publishing AI strategies under pressure from OMB's M-24-10 and its predecessor guidance. Those documents were unusually specific about implementation roles: program managers responsible for tracking which AI tools were authorized and in use; data stewards accountable for what training data and model outputs could touch which systems; and IT governance staff who were supposed to build the provisioning workflows, run the access reviews, and manage the lifecycle of AI tool credentials the same way they managed SaaS licenses.
You can read these documents. They're public. The Department of Homeland Security's AI strategy named an AI Program Management Office with explicit accountability for tool governance. HHS published implementation guidance that mapped data stewardship functions to specific position types. Treasury's AI roadmap included access review cadences for AI-assisted decision tools. The roles weren't aspirational org chart decoration — they were the mechanism by which the strategy was supposed to become operational.
The identity governance functions embedded in those roles were not glamorous. Somebody had to maintain the registry of which staff had access to which AI tools. Somebody had to run the quarterly access reviews. Somebody had to build the deprovisioning workflow for when an employee with AI tool credentials transferred or separated. Somebody had to own the audit trail when an AI-assisted process touched a sensitive dataset. These are standard IAM lifecycle functions applied to a new category of tool.
That somebody, in a significant number of agencies, is no longer there.
The Gap at the Function Level
The federal workforce reductions that began in earnest in 2025 did not target AI governance roles specifically. They didn't have to. When agencies lose program management capacity across the board, the functions that were newest and least institutionalized disappear first. AI governance roles were, by definition, new. Many were in the process of being stood up. Some existed only in job postings — USAJOBS listings for "AI Program Manager, GS-13/14" that were open when the hiring freeze hit, then quietly closed.
What's uncovered now, at the function level:
Provisioning accountability. AI tools that were supposed to go through a formal access request and approval workflow are being accessed through informal channels — shared credentials, personal API keys, tool accounts provisioned by the vendor without an agency-side owner. The person who was supposed to build the provisioning workflow left. Nobody picked it up.
Access review cadence. The quarterly or semi-annual reviews that were supposed to catch stale access — staff who changed roles, contractors whose engagements ended, employees who separated — aren't happening. The policy exists. The person who was supposed to run the review doesn't.
Deprovisioning for AI-specific credentials. This is the one that's hardest to see. Traditional SaaS deprovisioning is visible because it's tied to directory accounts. AI tool credentials — API keys, model access tokens, agent service accounts — often aren't. They live outside the identity provider. When the governance staff who knew about them left, they took that knowledge with them. The credentials may still be active.
Audit trail ownership. When an AI-assisted process produces an output that gets challenged — a benefits determination, a procurement recommendation, a risk score — somebody needs to be able to reconstruct what data the model accessed and under whose authorization. That reconstruction requires maintained logs and someone with the authority and context to interpret them. In agencies that lost their data stewards, that capability is degraded or absent.
The IAM Parallel and Where It Stops Working
You've watched this happen before. Cloud migrations where the access governance layer was never properly staffed, and two years later the agency is running a privileged account cleanup because nobody owned the review process. The instinct is to read federal AI governance the same way: change management problem, implementation lag, we've seen this.
The parallel holds up to a point. With traditional SaaS and cloud infrastructure, the credentials that need governance are mostly visible to the identity provider. An Okta or Entra tenant sees the accounts. The access review tooling can pull a report. The gap is organizational — nobody running the review — but the technical surface is at least discoverable.
AI tool credentials are frequently invisible to the identity provider. API keys issued directly by model providers. Agent service accounts that authenticate to external APIs without touching the agency's IdP. OAuth grants made by individual users to AI-connected applications that never went through a formal provisioning request. The governance staff who were supposed to track these things were the discovery mechanism. Without them, the agency doesn't just lack a reviewer — it lacks visibility into what needs to be reviewed.
The cloud IAM gap is a process gap. This is a visibility gap that compounds into a process gap. Those require different interventions.
On Baseline Statistics: A Condition, Not a Caveat
Any workforce figures you've seen describing federal AI implementation capacity — staffing levels, role counts, hiring pipeline data — that predate 2025 are not reliable planning inputs. This needs to be stated plainly, not buried.
The structural disruption to the federal workforce that began in early 2025 was not a normal attrition cycle. Agencies that published AI strategies in 2023 and 2024 were building toward implementation capacity that assumed a workforce baseline that no longer exists. Partnership for Public Service research tracking federal hiring and retention was calibrated to a different environment. GAO assessments of federal IT implementation capacity published before the disruption describe a system that has since been materially altered.
Sellers who walk into federal accounts with pre-2025 capacity assumptions — about who's in the room, who owns what function, what the agency's implementation bandwidth actually is — are working from a map that doesn't match the territory. The gap between what an agency's AI strategy says it will do and what it currently has the staff to do is not a temporary implementation lag. It is the operating condition.
The Question That Reveals the Problem
The discovery value here is not a pitch. It's a question, and it's a specific one.
When you're in the room with a federal buyer who's talking about AI tool deployment or AI governance, ask who currently owns the access review process for AI tools that are already in use. Ask who's running it now, on what cadence, and what tooling they're using to track credentials that aren't in the agency's identity provider.
If the answer is fluent and specific, you're talking to an agency that has maintained its governance capacity. That's a different conversation.
If the answer is a pause, a redirect, or a committee, you've just located the gap. The agency has AI tools in use, credentials in the wild, and no one with the authority, visibility, or tooling to govern them. That gap exists whether or not you're in the room.
The question is whether you're the person who helps them see it clearly enough to do something about it.

