- USDA auditors found major gaps in the agency’s AI governance and cybersecurity controls
- Auditors said the department missed key OMB deadlines tied to AI governance requirements
- The OIG urged USDA to strengthen AI policies, risk reviews and compliance procedures
The U.S. Department of Agriculture’s Office of Inspector General, or USDA OIG, found that the agency has failed to fully implement required cybersecurity and governance controls for artificial intelligence systems, leaving it vulnerable to security and operational risks.
A recent USDA OIG report on the cybersecurity and governance of AI systems highlights the growing need for stronger oversight and risk management across federal agencies. Continue the conversation at the Potomac Officers Club’s 2026 Cyber Summit on May 21—just a few days away—where leaders will discuss AI security, zero trust and evolving cyber threats. Register now.
What Deficiencies Did OIG Identify?
The OIG said in a report issued May 12 that the USDA failed to fully comply with Office of Management and Budget, or OMB, requirements for AI governance and risk management. Auditors found the department had not updated its AI policies, established generative AI guidance or implemented minimum safeguards for critical AI systems by OMB deadlines.
The audit findings come despite the agency’s broader push to expand AI governance and data modernization efforts under its FY24-26 USDA Data Strategy.
What Cybersecurity Issues Were Found?
The inspector general identified widespread gaps in AI cybersecurity compliance across the department. Of 82 identified AI use cases, 73 lacked authorizations to operate and were not recorded in the agency’s cybersecurity tracking system.
The report also found that two of the nine AI systems with authorizations lacked required security documentation. The OIG warned that insufficient controls could expose the agency to data breaches and other security risks.
What Recommendations Did OIG Make to USDA?
The report recommended stronger USDA oversight of AI systems through updated department-wide policies, high-impact AI assessments and continuous reviews of the agency’s AI inventory. Auditors also called for mandatory risk assessments, authorization-to-operate determinations and system impact analyses before AI technologies are deployed on USDA networks.
