The Office of Management and Budget (OMB) Memorandum M-25-22, “Driving Efficient Acquisition of Artificial Intelligence in Government,” has introduced a powerful, non-negotiable compliance requirement into the federal acquisition lifecycle. For the defense and technology contractors of North Carolina, the document serves as an immediate, high-stakes warning: the casual use of public Generative AI models for business development (BD) and proposal drafting must cease, as it introduces a compliance failure risk that could disqualify bids or terminate contracts.
This risk is not theoretical. It stems directly from the clash between commercial AI's business model and the government's mandate to protect its data.
Section I: The Contract-Killing Clash of Data Ownership
The most potent guardrail in M-25-22 is the prohibition on unauthorized data use, a provision aimed at preventing the government's intellectual assets from being exploited by third-party vendors.
The Explicit Prohibition: M-25-22 dictates that future federal contracts must include terms that prohibit vendors from using non-public government data to train or develop publicly or commercially available AI algorithms without explicit, written consent.
The Front-Loaded Risk for Proposal Teams: While this rule is enforced during contract performance, the risk begins the moment a contractor’s BD team starts drafting a proposal.
When utilizing popular, commercial Large Language Models (LLMs) to analyze requirements, summarize documents, or generate draft text, contractors often input sensitive, non-public information. This includes:
Proprietary Bid Data: Detailed cost structures, unique technical methodologies, and competitive intelligence that is never intended for public view.
Restricted Procurement Materials: Specific, non-public requirements, scope details, or agency-internal documentation sourced from draft Requests for Proposals (RFPs) or restricted industry days.
If the public AI model's terms of service allow it to retain and use that input for model performance tuning or future training, which is often the case by default, the contractor has potentially violated the core data training guardrail before the contract is even awarded. This failure to secure government-adjacent information constitutes an unacceptable risk in the eyes of the procurement official, providing grounds for bid rejection or immediate contract termination.
Section II: The Erosion of Intellectual Property and Trust

1. The OMB memo’s focus on IP and transparency further exposes the liability inherent in using external AI for bid preparation.
   IP Delineation and Ambiguity: M-25-22 requires contracts to clearly delineate the respective ownership and IP rights of both the government and the contractor. When proposal content is generated by a public LLM, the ownership structure becomes clouded. The AI vendor's terms of service may grant them broad, perpetual licenses to the generated output, even if the user is a federal contractor.
   If a government procurement officer suspects the contractor cannot claim unencumbered ownership over the technical approach or proprietary systems detailed in the bid, it creates a material weakness. A contractor who cannot provide clear assurance regarding the chain of title for the content risks a severe degradation of their technical score.
   The Demand for Disclosure and Governance: Agencies are now specifically directed to be "cognizant of the risks posed by the unsolicited use of AI systems by vendors" and to include provisions requiring the disclosure of AI use during contract performance. This scrutiny will inevitably extend to the proposal review process. A lack of transparent, verifiable internal policies regarding AI use signals a critical deficiency in corporate governance and data security maturity.
   Federal agencies view this as a litmus test. If a company cannot control its sensitive data during the simple act of writing a proposal, it cannot be trusted with a high-impact AI system governing national security or critical civilian functions.
   Conclusion: The Mandate for Internal AI Governance
   The OMB M-25-22 guardrails have formalized the risks of AI, transforming responsible data handling from an internal IT policy into a critical competitive prerequisite. For North Carolina firms, the time for passive observation is over.
   To eliminate this "Fatal Input" risk and secure future awards, the North Carolina Military Business Center suggests contractors to adopt a proactive internal governance strategy:
   Implement a Zero-Trust Data Policy: Formally designate all pre-award government documents, proprietary cost models, and technical architecture details as strictly prohibited input for public, commercial Generative AI models.
   Invest in Secure Environments: If AI is deemed essential for proposal efficiency, utilize private, enterprise-level models that contractually guarantee data input is not used for training commercial services. This is an investment in compliance, not just productivity.
   Audit and Certify: Establish a mandatory internal audit process ensuring that BD and proposal teams fully understand and comply with this segregation policy. Be prepared to proactively disclose your internal AI governance structure as a competitive strength in your next bid.

The M-25-22 guardrails are here to stay. Contractors who fail to master them are actively jeopardizing their ability to compete in the future of federal AI procurement.
For more information on the North Carolina Military Business Center visit https://www.ncmbc.us/ or contact Reena Bhatia at reena@ncmbc.us.

The North Carolina Military Business Center (NCMBC) is a statewide business development and technology transition entity dedicated to leveraging military and other federal business opportunities to expand the economy, grow jobs, and improve the quality of life in North Carolina.