The CAIO you're meeting with next week probably has fewer people than you do.
Not fewer people in the building. Fewer people who can evaluate what you're selling. The AI engineers who would have stress-tested your architecture claims, the security architects who would have asked about your token handling, the data scientists who would have flagged the gap between your demo environment and their production reality: a meaningful share of that cohort is gone. Reduction in force, early retirement incentives, voluntary departures by people who watched colleagues leave and read the room. The specific mechanisms vary by agency. The outcome doesn't.
This is the operating environment for federal AI sales in 2026. And if you're walking into CAIO and CIO conversations with the same pitch motion you used in 2023, you're solving for a buyer that no longer exists.
The Shadow IT You Already Know
Start with what you know cold.
Shadow IT governance has a well-worn pattern. Employees, frustrated by slow procurement cycles and inadequate sanctioned tools, adopt consumer or commercial applications outside the official stack. The identity team eventually discovers it, usually through a CASB alert, an anomalous OAuth grant, or an offboarding process that surfaces accounts nobody knew existed. The response is a combination of policy (acceptable use), visibility (SSO enforcement, SCIM provisioning), and remediation (revoking unsanctioned access, migrating workflows to approved alternatives).
You've had this conversation. You know the shape of it. The buyer's pain is real, the identity governance response is structural, and the sales motion is reasonably well-defined.
What's happening in federal agencies right now rhymes with shadow IT. Employees under pressure to deliver, with fewer colleagues, the same mission requirements, and leadership publicly committed to AI-driven efficiency, are adopting AI tools through whatever path is available. ChatGPT on a personal device. Claude through a browser with a work email. Copilot features that activated automatically when someone updated their Microsoft 365 client. The tools are in the building. The question of whether they're sanctioned, governed, or visible to anyone with authority to care is, at many agencies, genuinely open.
The parallel holds, up to a point.
The Break Point
Shadow IT governance has always rested on a quiet assumption: that somewhere in the agency, there's an internal security team capable of implementing the fix. A team that can evaluate the CASB configuration, design the SSO enforcement policy, review the OAuth scopes on the sanctioned alternative, and make a defensible architecture decision about what "approved" actually means in practice.
The workforce reductions didn't just slow AI adoption. They removed the team that was supposed to do that work.
According to OPM workforce data and reporting from federal oversight bodies, civilian agencies saw significant reductions in GS-13 through GS-15 technical positions through 2025, the grade band where most in-house AI engineers, security architects, and senior data scientists sit. The cuts weren't uniform. Some agencies lost more than others. But the pattern across CFO Act agencies is consistent enough that GAO's ongoing work on federal AI workforce capacity has flagged internal technical expertise as a structural constraint on AI governance, not just a temporary staffing gap.
In practice: the person who would have reviewed your identity architecture claims may have taken a buyout in March. The team that would have written the agency's AI acceptable use policy is now two people instead of six, and they're spending their time on ATO paperwork for a system that was already in flight before the reductions. The CAIO's office, which at a mid-size civilian agency might have had ten to fifteen FTEs eighteen months ago, may now have four, and two of those are program managers, not engineers.
The shadow AI problem is real. The internal capacity to respond has been substantially reduced.
What the Vacuum Looks Like in Identity Terms
The problem has a specific shape in identity terms, even if the buyer isn't using that language yet.
Employees adopting unsanctioned AI tools are authenticating to those tools with credentials the agency doesn't govern. In many cases, that means personal Google or Microsoft accounts, because the AI tool's free tier requires a consumer identity. In other cases, it means work email addresses used to create accounts in systems that have no SSO integration with the agency's identity provider, which means no visibility, no lifecycle management, and no revocation path when someone leaves.
The data those employees are feeding into those tools is a separate problem, and a real one. But the identity problem is where the governance failure is most legible, because it's the layer where the agency has the least visibility and the most structural exposure.
Meanwhile, agencies that are trying to move AI from pilot to production are making identity architecture decisions under conditions they weren't designed for. Who authenticates the AI agent to the backend system? What OAuth scopes does it hold, and who reviewed them? When the agent acts on behalf of a user, what's the authorization model, and does it match the agency's existing RBAC structure, or is it a new trust relationship that nobody formally approved? These are not hypothetical questions. They're decisions being made right now, often by the two engineers who are left, under timeline pressure, without the internal review layer that would have caught the bad calls.
The governance vacuum is specifically an expertise gap. Activity continues; the review layer that would have made it defensible does not.
Reading the Signals Before You Walk In
The depth of the expertise gap is partially legible from public sources, if you know what to look for.
USAJobs postings are the most direct signal. Search for the agency name alongside role titles like "AI engineer," "cloud security architect," "identity and access management specialist," or "data scientist." If an agency is actively recruiting for these roles, it tells you two things: the gap is real enough that leadership has acknowledged it, and the agency is in a transition state where vendor partners are filling the gap while the hiring process runs. If you see no postings, or postings that have been open for six-plus months without apparent movement, the gap may be deeper and the dependency on external partners more entrenched.
Congressional Budget Justifications are publicly available for most civilian agencies and worth fifteen minutes of reading before any significant call. Look at the AI-related sections. Does the staffing narrative describe specific FTE counts and role descriptions, or does it describe capability aspirations without a headcount plan? The latter is a signal that the agency's AI strategy is being written by people who understand the mission but not the workforce math required to execute it.
Public statements from the CAIO's office, whether testimony, conference presentations, or published strategy documents, are worth reading for what they don't say as much as for what they do. A CAIO who talks extensively about governance frameworks and policy development but rarely mentions internal technical capacity is often describing an organization that has the aspiration but not the engineering depth to implement it. That's not a criticism; it's a structural description of what the reductions produced.
GAO and Inspector General reports on AI readiness at specific agencies are the highest-signal source, when they exist. GAO has been active on federal AI workforce capacity questions, and IG offices at several large civilian agencies have flagged internal expertise gaps in recent years. These reports are specific, sourced, and often more candid about agency limitations than anything the agency will say publicly.
None of these signals gives you a precise headcount. The picture is genuinely unsettled at the agency level, and anyone claiming precise numbers about how deep the cuts ran in specific technical roles is overstating their certainty. What the signals give you is a directional read on how dependent this particular agency is on external partners, and therefore how much governance weight your engagement is being asked to carry.
The Discovery Questions That Surface the Pain
A seller who walks in already knowing the governance vacuum exists doesn't pitch into it. They surface it, because the buyer needs to name the problem before they can authorize the solution.
A few questions that work in the room, without telegraphing the pitch:
"When your team evaluates a new AI tool or integration, who's doing the technical review on the identity and access side? Is that internal, or are you leaning on a partner for that?" This question surfaces the capacity gap without implying the agency is failing. It positions you as someone who understands that the review function exists and matters.
"For the AI use cases you're moving toward production, how are you handling agent authentication? Is that something your team has a pattern for, or is it still being worked out?" Agent identity is genuinely unsettled territory even for well-staffed agencies. Asking about it signals protocol fluency and opens the conversation about where the agency's internal expertise ends.
"What does your acceptable use framework look like for AI tools employees are adopting on their own? Is that something your CISO's office owns, or is it landing in your team?" This question surfaces the shadow AI dynamic without naming it as a problem. If the answer is "we're still figuring out who owns that," you've located the vacuum.
The point of these questions is to give the buyer language for a problem they're already experiencing but may not have articulated in identity terms. A seller who can do that is having a different conversation than one who leads with product capabilities.
The Risk Profile Has Changed
Before you walk into these conversations, consider what's actually changed about them.
When you sold identity governance to a well-staffed agency, there was an internal review layer between your pitch and the production decision. Engineers who would push back on your architecture claims. Security architects who would modify your recommended configuration based on agency-specific constraints. A CISO's office that would review the contract terms and flag the clauses that created unacceptable risk. That review layer was, among other things, a check on vendor overselling, a structural mechanism that protected the agency from making bad identity decisions based on incomplete information.
That layer is thinner now. In some agencies, it's nearly gone.
A vendor who walks in with a governance framework the agency can't independently evaluate is being asked to fill a role that used to belong to the agency's own people. That's a real dependency, and it carries real responsibility. The identity decisions being made in this environment, about agent authentication, about OAuth scope design, about how AI tools integrate with the agency's existing identity provider, are decisions that will become infrastructure. They'll be harder to change later than they are to get right now.
Sellers who take that seriously ask the discovery questions that surface the gap. They're honest about what their platform governs and what it doesn't. They flag the identity decisions that need internal review even when the agency's capacity to do that review is limited, because flagging it is how you build the trust that makes the long-term relationship work.
The agencies buying right now are buying from vendors they're going to depend on in ways they haven't depended on vendors before. Sellers who can name that dynamic, carefully and without exploiting it, earn the seat at the table when the governance frameworks get built. Sellers who can't are filling the vacuum anyway, just without knowing it.