Federal Agencies Must Ditch 'Adversary' AI Within 90 Days Under New Security Mandate

This bill, simply titled the No Adversarial AI Act, is basically a government mandate to clean house when it comes to Artificial Intelligence. It requires federal agencies to identify and stop using any AI tools developed by entities tied to designated “foreign adversaries.” The goal is to lock down the government’s digital infrastructure against potential foreign interference or espionage carried out through software.

Here’s the timeline: The Federal Acquisition Security Council (FASC) has to move fast—just 60 days from enactment—to create a “Do Not Buy” list of risky AI. Once that list is out, executive agencies have 90 days to review their current tech stack and get rid of anything on it. If you work for the government and rely on an AI tool for scheduling, data analysis, or even managing supply chains, and that tool comes from an entity on this list, your agency will have to find a replacement, fast.

The Security Firewall: Who Gets Listed and Why

Section 2 sets up the process for creating this high-stakes list. The FASC identifies AI developed or produced by a “foreign adversary entity.” This designation is broad, covering the adversary country itself, any company based there, or even any company where a foreign person or group owns 20 percent or more of the stake. Think of it as a supply chain security check with a wide net. The list has to be made public and must be reviewed and updated every 180 days.

This is where it gets real for tech companies. If a small software firm has 20% ownership from a foreign investment group tied to an adversary nation, their AI product could be blacklisted from federal contracts. This 20% threshold is key because it means the ban isn't just targeting state-owned enterprises; it hits private companies with minority foreign investment, potentially causing major headaches for firms that rely on federal business.

The 90-Day Scramble: Finding a Replacement

Section 3 is the hammer. Within 90 days, agency heads must use their existing authority to remove or stop using the listed AI. For agencies that have integrated a specific AI tool—say, an advanced data modeling platform—into their core operations, replacing it in three months will be a monumental task. This could mean disruptions to ongoing projects, from scientific research initiatives to crucial counterintelligence operations.

However, the bill does include a narrow escape hatch. An agency can get an exception to continue using the banned AI, but only if they notify the Office of Management and Budget (OMB) and Congress in writing, and only if the AI is needed for things like scientifically valid research, testing, counterterrorism, or if not using it would seriously jeopardize the agency’s mission-critical functions. This exception is designed to prevent a total operational meltdown, but it puts a huge burden on agency leaders to justify why they can’t find a secure, domestic alternative.

The Real-World Impact: Cost and Continuity

For the taxpayer, this bill means a significant, immediate cost. Federal agencies will have to spend time and money identifying, removing, and replacing sophisticated software. If the Department of Energy, for instance, uses a blacklisted AI for managing energy grid models, they can’t just switch to a spreadsheet. They need a verified, secure replacement, which often means an expensive, custom-built solution.

While the intent—protecting national security by securing the government’s AI supply chain—is clear and necessary, the tight deadlines and the broad definition of “foreign adversary entity” mean a lot of companies and federal employees are about to experience a high-stakes, 90-day tech migration. It’s a necessary security upgrade, but expect some turbulence as the government tries to yank out deeply integrated technology on a tight deadline.