Pentagon officials report that AI use across the Department of War increased by 1,775% over the past year, growing by approximately 1.42 million users.
What the growth means for mission data
That jump is not an abstract metric; it is a concrete operational pressure. As leaders move to embed AI so "warfighters can make faster, more precise decisions," the volume, variety, and dispersal of sensitive mission data rise in step. Imagery, video, intelligence reports, targeting information, mission plans, and sensor streams are now routinely produced, cached, and moved across endpoints, servers, removable media, tactical computers, and edge devices. The central question for defense teams is whether data-at-rest (DAR) protections can be deployed, updated, audited, recovered, and sanitized wherever that data actually resides.
Five practical data-protection challenges AI creates
- AI significantly increases the volume of sensitive mission data that must be secured.
- AI workflows expand storage footprints and move data frequently across operational devices.
- Operational devices must remain secure even when offline or powered off, including when exposed outside controlled facilities or stored where insider risk exists.
- Consistent protection requires scalable deployment: an architecture that cannot be deployed and sustained everywhere it is needed will leave uneven coverage and operational risk.
- AI workflows increase residual data risk because mission artifacts may remain on systems after use, transfer, repurposing, or mission completion.
Two-layer DAR: NSA CSfC-aligned protections and practical deployment
For classified environments, the NSA CSfC Data-at-Rest (DAR) model provides a two-layer framework (CSfC DAR Capability Package Version 5.1.0). The outer layer commonly uses hardware full-drive encryption on a self-encrypting drive (SED) paired with pre-boot authentication (PBA). That combination protects stored data before the operating system loads and before device possession can become access — a critical guardrail for devices that are powered off, transported, staged, or exposed to capture.
The inner layer commonly uses software full-drive encryption that is independently implemented from the hardware layer. Because software encryption can be deployed to already-deployed devices without waiting for hardware refresh cycles, it allows defense teams to extend protection rapidly in the field. Crucially, the two layers provide defense-in-depth through separate cryptographic enforcement, separate key management, and distinct protection boundaries — reducing dependency on any single control when systems are powered off, unauthenticated, lost, captured, transferred, or repurposed.
Lifecycle control, sanitization, and sustaining protections at scale
Protection does not end at deployment. Defense teams need lifecycle controls: update mechanisms, policy enforcement, credential rotation, recovery workflows, auditability, secure decommissioning, and sanitization procedures. As the source notes, AI-driven operations will continue to generate new data and new workflows; DAR protection must adapt. Secure sanitization—ensuring residual data is not recoverable when systems are retired, transferred, repurposed, or exposed to emergency conditions—is emphasized as a way to reduce future exploitation risk, including in the context of long-term confidentiality concerns raised by advances such as quantum-era threats.
What this means for technologists, procurement leaders, and mission operators
- Technologists and security teams: Treat scalable deployment as a security requirement. Repeatable ways to configure, enforce, update, monitor, and maintain DAR protections are necessary across mixed hardware, disconnected platforms, and large endpoint fleets.
- Procurement and program managers: Prioritize solutions that support layered, independently implemented protections and can be deployed to existing systems without waiting on hardware refresh cycles; plan for lifecycle and sanitization requirements in acquisition language.
- Mission operators and analysts: Expect sensitive outputs and intermediate artifacts to persist across devices and workflows; insist that protection — authenticated access, offline protection, audit trails, and sanitization — travel with the data, not just with central AI platforms.
Cigent’s role and the operational prescription
The source highlights Cigent as a partner that helps defense teams extend DAR protection across endpoints, servers, and edge systems where mission data is created, stored, cached, and retained. Cigent is described as trusted across federal and defense programs, including within the Department of War, the intelligence community, federal civilian agencies, and the defense industrial base. The company combines TS/SCI-cleared expertise, U.S.-based software development, and operational experience; its work emphasizes practical applications of SEDs, PBA, and CSfC technologies to safeguard sensitive data while sustaining protection at mission scale.
AI modernization and DAR protection, the source concludes, must advance together: "If AI systems depend on mission data, then protecting that data must be part of AI readiness wherever it is stored, especially on endpoints, servers, tactical systems, and edge platforms outside controlled environments." Data-at-rest protection must scale with AI adoption — and in the defense context described here, that scaling is as much an operational imperative as a technical one.
