The Machine-Layer Dependency Report | A Sovereign Intelligence Index Assessment of Twenty Command-Critical Institutions
This report argues that the real AI governance crisis is not rogue machines. It is public institutions becoming dependent on systems they can no longer explain, audit, contest, replace, suspend, or govern.
Executive Summary
The central AI governance problem is no longer only whether individual systems are safe, accurate, fair, transparent, or secure.
The deeper problem is whether public authority is becoming dependent on machine layers it cannot independently command.
This report applies the Sovereign Intelligence Index to twenty command-critical institutions and institutional nodes. The finding is not that these institutions are unlawful, malicious, incompetent, or proven to have lost command internally. The finding is narrower, stronger, and more defensible: From public evidence alone, these twenty institutions would likely fail to prove retained command over the AI systems now entering their decision layers.
That is the correct standard.
A public-command failure is not a malfunction. It is not a bad output. It is not a hallucination. It is not a scandal. It is not proof that AI should be banned.
Failure is dependency without command.
An institution fails the Sovereign Intelligence Index when it cannot demonstrate, with sufficient evidence, that it can still explain, audit, contest, replace, suspend, and govern the AI systems that materially shape its public function.
The 2025 Federal Agency AI Use Case Inventory makes the scale visible. As of April 13, 2026, OMB’s consolidated repository reported 3,611 individually reported federal AI use cases, 1,818 deployed or piloted use cases, and 445 high-impact AI use cases. The same inventory excludes certain AI uses involving national-security systems, the Intelligence Community, and defense or war-department use cases from public release. That means the most sovereignty-sensitive AI uses are partly outside public visibility.
This report does not treat the twenty institutions as isolated examples. It treats them as the visible surface of a new dependency architecture.
Defense is the force layer.
Intelligence is the perception layer.
Homeland Security is the internal-security layer.
Justice and courts are the legitimacy layer.
Veterans Affairs, Health and Human Services, Treasury, and Social Security are the benefits-and-rights layer.
Energy and the national laboratories are the strategic-infrastructure and scientific-sovereignty layer.
Microsoft, OpenAI, Google, Amazon Web Services, Oracle, Palantir, xAI, and NVIDIA are machine-layer vendors and infrastructure providers.
Meta and TikTok are civic-perception platforms.
Together, they show the emerging structure of machine-mediated authority.
The report’s conclusion is simple: No command-critical institution should deploy, expand, or renew AI systems unless it can prove retained command.
A republic does not lose command when machines become conscious.
It loses command when institutions become dependent.
I. The Core Standard: Dependency Without Command
The Sovereign Intelligence Index does not ask only whether an AI system works.
It asks whether the institution still governs after the system works its way into the institution.
A system may be useful and still create dependency.
It may be accurate and still displace judgment.
It may be secure and still be uncommandable.
It may be lawfully procured and still place public authority inside a private or opaque machine layer.
The public-command question is therefore: Can the institution still command the system, or has the system become necessary for the institution to command itself?
A command-critical institution fails when it cannot demonstrate six capacities.
It must be able to explain the system’s role.
It must be able to audit the system’s operation.
It must be able to contest the system’s output.
It must be able to replace the system or vendor.
It must be able to suspend the system when necessary.
It must be able to continue the public function without collapse.
If those capacities are missing, formal authority remains but practical authority begins to move.
That movement is the central risk.
II. Three Levels of Failure
The word failure must be disciplined.
The Sovereign Intelligence Index recognizes three levels of failure.
Failure of Proof
A failure of proof exists when an institution may possess adequate internal controls, but public evidence does not demonstrate them.
This is the lowest and most defensible finding in this report.
It does not say the institution has lost command.
It says the institution has not publicly proven retained command.
For ordinary internal software, that may be tolerable.
For defense, intelligence, justice, courts, public benefits, taxation, health, infrastructure, civic perception, and democratic legitimacy, it is not enough.
Failure of Command Readiness
A failure of command readiness exists when public evidence suggests that an institution may be unable to demonstrate explainability, auditability, human override reality, appealability, vendor exit capacity, model-change control, data sovereignty, infrastructure resilience, or continuity.
This is more serious than failure of proof.
It means the available evidence suggests structural weakness, not merely uncertainty.
A system can be efficient and still fail command readiness.
A system can be high-performing and still fail command readiness.
A system can be popular with staff and still fail command readiness.
The question is not whether the institution benefits from AI.
The question is whether the institution remains capable of governing after adoption.
Failure of Sovereign Command
A failure of sovereign command exists when an institution cannot meaningfully explain, audit, contest, replace, suspend, or operate independently from an AI system that materially shapes its public function.
This is the highest severity category.
It means AI has crossed from assistance into authority displacement.
At that point, humans may still sign decisions, approve recommendations, issue orders, or publish judgments.
But the practical basis of those decisions may already have become machine-mediated.
That is the condition the Index exists to measure.
III. What This Report Does Not Claim
This report does not claim that the twenty institutions identified here have committed legal violations.
It does not claim that every AI system inside these institutions is dangerous.
It does not claim that every vendor listed is irresponsible.
It does not claim that AI should be removed from public administration, defense, intelligence, courts, medicine, infrastructure, or civic systems.
It does not claim that public evidence is the whole evidence universe.
The report claims something more precise: These twenty institutions are command-critical nodes that cannot prove retained command from public evidence alone.
That is enough to require escalation.
The burden should not rest on the public to prove hidden dependency after authority has already moved.
For command-critical AI, the burden should rest on institutions to prove that command remains intact.
IV. Rebuttal Standard
A serious Index finding must be rebuttable.
To rebut a failure-of-proof or command-readiness finding, a command-critical institution should produce evidence showing retained command.
That evidence should include, where applicable, a complete AI inventory, workflow maps, model-use logs, prompt and output records, override records, appeal records, adverse-decision notices, human-review procedures, training records, audit rights, data rights, vendor contracts, subcontractor lists, model-change notices, incident records, continuity tests, exit plans, data-export tests, red-team results, independent evaluations, security assessments, privacy impact materials, responsible-official designations, public disclosures, and inspector-general or oversight findings.
Vendor assurance alone is not enough.
A policy saying “humans remain in control” is not enough.
A contract saying data can be exported is not enough unless export has been tested.
An appeal process is not enough unless actual reversal is possible.
A human-in-the-loop architecture is not enough unless the human has time, authority, information, training, and institutional support to reject the machine output.
A security authorization is not enough unless the institution can still audit, suspend, migrate, and operate without public-function collapse.
The Index asks for command evidence.
Not intent.
Not aspiration.
Not branding.
Evidence.
V. The National Machine-Layer Dependency Architecture
The twenty institutions in this report are not equally situated. They occupy different layers of public command.
The first tier is the sovereign-command core: defense, intelligence, homeland security, justice, and courts. These institutions touch force, perception, enforcement, adjudication, liberty, legitimacy, and state coercion.
The second tier is the rights-and-administration layer: Veterans Affairs, Health and Human Services, Treasury, Social Security, and Energy. These institutions touch benefits, health, taxation, public science, nuclear stewardship, infrastructure, and strategic resilience.
The third tier is the machine-layer vendor and infrastructure layer: Microsoft, OpenAI, Google, Amazon Web Services, Oracle, Palantir, xAI, and NVIDIA. These entities increasingly supply the cloud, compute, model, productivity, data-fusion, search, agentic, and interface layers through which public institutions work.
The fourth tier is the civic-perception layer: Meta and TikTok. These platforms shape attention, belief formation, synthetic media exposure, youth cognition, political visibility, and public trust.
The risk is architectural.
If these layers become mutually dependent, the state may retain formal sovereignty while losing practical command over the systems through which it perceives, decides, administers, communicates, defends, remembers, and acts.
VI. Tier One: The Sovereign-Command Core
1. Defense Establishment / Chief Digital and Artificial Intelligence Office
Defense is the force layer.
It is the highest-risk command environment because AI is not only entering administrative work. It is entering battle management, simulation, intelligence support, planning, cyber operations, agentic workflows, logistics, and compressed decision environments.
The public signal is clear. CDAO describes AI-enabled battle management and decision support “from campaign planning to kill chain execution,” along with AI-enabled simulation capabilities and other warfighting programs.
That does not prove command failure.
It proves command-critical exposure.
Defense fails the Index if AI becomes operationally indispensable before the institution can prove human judgment, model challenge, red-team sufficiency, suspension authority, audit trails, model-change control, vendor exit capacity, and operational fallback.
For defense, failure means the chain of command may remain formally human while the decision environment becomes machine-structured.
A commander may still approve.
But command requires more than approval.
Command requires independent understanding, rejection capacity, lawful suspension, and the ability to continue the mission without the machine layer collapsing beneath it.
To rebut the finding, defense institutions would need to produce classified and unclassified evidence showing where AI enters the decision chain, which systems are prohibited from lethal or strategic determinations, how model outputs are challenged, how human override is preserved under time pressure, how systems are suspended, how vendors are replaced, and how commanders retain independent operational judgment.
Without that evidence, defense AI remains the highest-risk public-command exposure.
2. Intelligence Community / ODNI and the Eighteen Intelligence Elements
Intelligence is the perception layer.
The Intelligence Community exists to collect, filter, interpret, assess, warn, and advise. If AI systems begin shaping what analysts see, what they miss, what they prioritize, and what they infer, the risk is epistemic before it is operational.
ODNI’s IC Data Strategy 2023–2025 states that all eighteen IC elements are being directed toward common services and efforts to make data more interoperable, discoverable, and artificial-intelligence-ready for both people and machines.
That is a modernization agenda.
It is also a dependency surface.
The Intelligence Community fails the Index if AI-mediated search, translation, summarization, data fusion, pattern detection, anomaly detection, collection triage, or predictive analysis becomes necessary to intelligence production before analysts and oversight bodies can prove independent challenge capacity.
For intelligence, failure means the nation may still act on intelligence while losing visibility into the machine-shaped path by which intelligence judgments were formed.
The danger is not that machines replace analysts outright.
The danger is that machines define the analytic field: what appears relevant, what appears connected, what appears anomalous, what appears urgent, and what disappears into noise.
To rebut the finding, the Intelligence Community would need to produce evidence of analytic audit trails, provenance controls, model-use boundaries, red-team review, source-protection safeguards, analyst challenge procedures, model-change documentation, classified oversight, vendor-access limits, and procedures for preserving independent human judgment.
A nation cannot responsibly act on intelligence it can no longer independently judge.
3. Department of Homeland Security
Homeland Security is the internal-security layer.
DHS sits at the intersection of border control, immigration enforcement, cybersecurity, transportation security, emergency management, disaster response, infrastructure protection, and public safety.
OMB’s 2025 inventory lists DHS with 238 publicly reported AI use cases, 118 deployed or piloted AI use cases, and 55 high-impact use cases.
That is not proof of misuse.
It is proof of command-critical scale.
DHS fails the Index if AI materially shapes screening, triage, threat detection, cyber alerts, fraud analysis, immigration workflows, emergency prioritization, travel security, or infrastructure warnings without adequate explanation, appeal, override, audit, and suspension capacity.
The highest-risk domains are explainability, appealability, human override reality, foreign influence surface, data sovereignty, and cross-component accountability.
For DHS, failure means state power may reach people through machine-shaped classifications that move faster than explanation, review, or remedy.
To rebut the finding, DHS would need to produce system-specific workflow maps, adverse-action notices, appeal records, redress procedures, override logs, cyber model-evaluation records, data-sharing constraints, vendor contracts, infrastructure dependency maps, and model-change records.
In internal security, command failure does not require a robot officer.
It requires only an opaque machine classification that public authority treats as operationally decisive.
4. Department of Justice
Justice is the coercive legitimacy layer.
DOJ touches investigation, prosecution, enforcement priority, incarceration, civil rights, evidence analysis, prison administration, fraud detection, and legal decision support.
OMB’s 2025 inventory lists DOJ with 314 publicly reported AI use cases, 188 deployed or piloted AI use cases, and 114 high-impact use cases. DOJ’s own AI inventory page states that the department’s 2025 inventory includes 315 entries and reflects a 30.7 percent increase from the 2024 inventory.
The one-entry difference is not the important fact.
The important fact is scale inside a constitutional institution.
DOJ fails the Index if AI materially influences investigative leads, enforcement targeting, prosecutorial workflows, legal analysis, evidence review, prison risk assessment, or public-safety judgments without traceable records and meaningful challenge mechanisms.
The question is not whether an agent, prosecutor, attorney, or official signs the final document.
The question is whether the machine-shaped upstream path can be reconstructed, challenged, disclosed where required, corrected where wrong, and excluded where unreliable.
To rebut the finding, DOJ would need to produce AI-use disclosure rules, audit trails, model-output retention policies, case-specific traceability, discovery protocols, civil-rights impact review, component-level controls, human-review records, appeal pathways, and independent evaluations for enforcement-sensitive systems.
When AI enters justice, human presence is not enough.
The loop must be reviewable.
5. Courts
Courts are the legitimacy layer.
Judicial legitimacy depends on reason-giving, independence, adversarial testing, record integrity, evidentiary reliability, and public trust.
The Administrative Office of the U.S. Courts established an advisory AI Task Force in early 2025 to help the judiciary confront AI as a transformative force, identifying concerns about ethical standards, judicial opinions, sensitive data, and IT-system security.
That is a positive governance signal.
It is also evidence that the judiciary understands AI as a legitimacy risk.
Courts fail the Index if AI materially shapes legal research, drafting, evidence analysis, translation, docketing, self-help tools, sentencing support, bail assessment, judicial recommendations, or court administration without disclosure, verification, record integrity, and accountable human review.
The most dangerous scenario is not a robot judge.
It is an ordinary-looking order, opinion, recommendation, transcript, translation, or docket action whose reasoning path has been machine-shaped in ways the parties cannot see, test, or challenge.
To rebut the finding, courts would need to produce AI-use policies, judicial and staff guidance, disclosure standards, citation-verification procedures, record-retention rules, evidence-authentication protocols, vendor controls for legal research systems, data-confidentiality protections, audit logs, and safeguards ensuring that judicial reasoning remains independently reviewable.
Courts do not need to reject AI.
They need to prevent AI from becoming unacknowledged legal infrastructure.
VII. Tier Two: Rights, Benefits, Health, Taxation, Energy, and Public Administration
6. Department of Veterans Affairs
Veterans Affairs is the veteran-rights and care layer.
VA combines health care, benefits, disability claims, medical records, crisis support, scheduling, fraud prevention, and services for a population owed a heightened public duty.
OMB’s 2025 inventory lists VA with 367 publicly reported AI use cases, 159 deployed or piloted AI use cases, and 215 high-impact use cases, the largest high-impact count in the published inventory. VA’s own AI inventory page states that its 2025 inventory includes 367 individual AI use cases and 13 consolidated AI use cases.
VA fails the Index if AI materially shapes claims handling, risk detection, care prioritization, clinical workflow, appointment routing, records summarization, benefits timing, suicide-risk workflows, or payment-fraud review without explainability, appealability, human review, and tested fallback capacity.
For VA, failure means veterans may be classified, prioritized, denied, delayed, escalated, or ignored through systems that improve efficiency while weakening the veteran’s ability to understand and contest the institution.
To rebut the finding, VA would need to produce benefit-specific workflow maps, appeal records, reversal capacity, clinical validation records, human-review protocols, suicide-risk safeguards, model-performance monitoring, medical-data governance, vendor contracts, and continuity plans.
Efficiency cannot substitute for command.
Especially when the institution serves people whose health, income, disability status, and crisis support may depend on machine-shaped judgment.
7. Department of Health and Human Services
HHS is the health and population-governance layer.
It touches health care, public health, biomedical research, benefits, disease surveillance, grant administration, medical data, regulatory analysis, and population-level policy.
OMB’s 2025 inventory lists HHS with 447 publicly reported AI use cases and 255 deployed or piloted AI use cases, the largest total use-case count among the cabinet agencies listed in the inventory.
The high-impact count for HHS is comparatively low in the OMB table, but that does not resolve the Index question. High-impact classification and command-criticality are not identical. A system can become command-critical if it shapes what an institution sees, prioritizes, researches, funds, monitors, or recommends.
HHS fails the Index if AI materially shapes health-care access, public-health surveillance, biomedical analysis, research prioritization, benefits administration, grant review, regulatory decision support, or population risk assessment without adequate evidence trails, data governance, model validation, and public accountability.
To rebut the finding, HHS would need to produce clinical validation records, public-health model governance, data-use limits, research-model provenance, impact assessments, human-review procedures, correction pathways, vendor controls, and public reporting where lawful.
Health AI does not only require safety.
It requires traceable public command.
8. Department of Energy and the National Laboratories
Energy is the strategic-infrastructure and scientific-sovereignty layer.
DOE sits at the intersection of energy systems, nuclear stewardship, national laboratories, supercomputing, scientific modeling, grid resilience, cyber defense, and national security.
OMB’s 2025 inventory lists DOE with 340 publicly reported AI use cases, 176 deployed or piloted AI use cases, and 29 high-impact use cases.
DOE fails the Index if AI becomes integral to grid modeling, energy forecasting, nuclear simulation, materials discovery, cyber defense, scientific inference, national laboratory research, or infrastructure resilience without sufficient provenance, validation, human expertise preservation, fallback capacity, and compute governance.
The danger is not merely that a model may be wrong.
The danger is that strategic institutions may become dependent on AI-generated simulations, forecasts, optimization outputs, or scientific inferences that cannot be independently replicated or challenged at sufficient speed.
To rebut the finding, DOE would need to produce validation records, reproducibility protocols, classified and unclassified model-evaluation procedures, grid and nuclear safety controls, compute dependency maps, vendor contracts, fallback procedures, and evidence that human experts remain capable of independent review.
In energy and nuclear contexts, uncommandable intelligence is not an efficiency problem.
It is a national resilience problem.
9. Department of the Treasury / IRS-Facing Systems
Treasury is the fiscal-sovereignty and financial-enforcement layer.
Treasury and IRS-facing systems affect taxation, audits, penalties, fraud detection, sanctions, financial intelligence, payment systems, and trust in the state’s fiscal authority.
OMB’s 2025 inventory lists Treasury with 129 publicly reported AI use cases, 48 deployed or piloted AI use cases, and 4 high-impact use cases.
Treasury fails the Index if AI materially influences audit selection, fraud scoring, sanctions analysis, payment monitoring, financial-risk classification, tax enforcement, customer-service determinations, or investigative prioritization without explanation, appealability, and audit trails.
The key question is whether a person or institution can understand why government attention attached to them.
To rebut the finding, Treasury would need to produce audit-selection governance, fraud-model validation records, taxpayer contestability procedures, adverse-action explanation rules, data-linkage controls, model-drift monitoring, vendor contracts, and human-review records.
The sovereign issue is not whether AI improves enforcement.
It is whether enforcement remains accountable when machine analysis becomes the practical gatekeeper of government attention.
10. Social Security Administration
Social Security is the survival-benefits layer.
SSA touches retirement, disability, income support, eligibility, identity, records, documentation, fraud prevention, and vulnerable populations.
OMB’s 2025 inventory lists SSA with 33 publicly reported AI use cases, 31 deployed or piloted AI use cases, and 9 high-impact use cases.
SSA fails the Index if AI materially shapes disability review, eligibility, document processing, fraud detection, identity verification, benefit timing, call routing, or appeal workflows without meaningful explanation and human correction authority.
A small number of high-impact systems can matter enormously when the public function is survival-linked.
To rebut the finding, SSA would need to produce workflow maps, appeal records, reversal rates, adverse-action notices, accessibility safeguards, disability-specific human-review procedures, fraud-model governance, and fallback capacity.
In benefits systems, the question is not merely whether AI reduces backlog.
The question is whether people can still understand and contest the system when their survival depends on it.
VIII. Tier Three: Machine-Layer Vendors and Infrastructure Providers
11. Microsoft / Azure / Microsoft 365 Copilot Government Cloud
Microsoft is a government productivity, identity, cloud, document, email, collaboration, security, and AI-assistance layer.
Microsoft states that Microsoft 365 Copilot is available in GCC, GCC High, and DoD environments; operates within the customer’s U.S. government cloud tenant; and keeps prompts, responses, and generated content in the government cloud.
Those are important controls.
But controls do not eliminate dependency.
They define the audit surface.
Microsoft-related deployments fail the Index if agencies cannot demonstrate how Copilot and related systems shape institutional drafting, summarization, retrieval, records, legal review, procurement, personnel analysis, cybersecurity workflows, policy development, and administrative memory.
The likely failure mode is productivity-layer capture.
When one vendor supplies the document layer, identity layer, communication layer, cloud layer, security layer, and AI assistance layer, ordinary institutional cognition can become machine-mediated through a single ecosystem.
To rebut the finding, agencies using Microsoft systems would need to produce prompt and output governance, logging rules, retention rules, disclosure policies, human-review standards, data-boundary controls, vendor-exit plans, alternative-workflow capacity, and evidence that AI-assisted government work remains reviewable.
Microsoft may be a legitimate supplier.
The public-command question is whether institutions can still operate independently from the layer it supplies.
12. OpenAI / ChatGPT Gov / OpenAI for Government
OpenAI is a frontier-model public-sector node.
OpenAI stated in January 2025 that more than 90,000 users across more than 3,500 U.S. federal, state, and local government agencies had sent over 18 million messages through ChatGPT to support day-to-day work. OpenAI later described OpenAI for Government, including a Defense Department contract with a $200 million ceiling to help prototype frontier AI for administrative operations, health-care support, acquisition data, and proactive cyber defense.
That scale is enough to trigger an Index audit.
OpenAI-related deployments fail the Index if government users adopt frontier models faster than agencies can preserve audit rights, usage records, data controls, model-change transparency, human review, procurement safeguards, and vendor-substitution capacity.
The danger is not that OpenAI’s models are inherently bad.
The danger is that a proprietary general-purpose reasoning layer can become normalized inside public work before agencies can reconstruct when it materially shaped a decision, memo, recommendation, codebase, analysis, or public communication.
To rebut the finding, agencies using OpenAI systems would need to produce system-use policies, prompt and output retention rules, impact assessments, model-change monitoring, human-review protocols, procurement terms, vendor-exit capacity, classified-use restrictions where applicable, and evidence that AI-assisted work remains attributable and reviewable.
When frontier AI becomes public administration’s thinking partner, command becomes the central governance question.
13. Google / Gemini for Government / Google Cloud Public Sector
Google is a search, cloud, model, data, productivity, and agentic-AI layer.
Google describes Gemini for Government as a comprehensive public-sector offering that includes Google’s AI-optimized and accredited commercial cloud, Gemini models, enterprise search, NotebookLM Enterprise, video and image generation, out-of-the-box AI agents, and the ability for employees to create their own AI agents. Google also describes FedRAMP High-authorized security and compliance features for the offering.
Google-related deployments fail the Index if agencies cannot explain, audit, constrain, monitor, or reverse the way Gemini systems shape search, summarization, drafting, knowledge retrieval, agentic workflows, and operational recommendations.
The strongest risk is not one chatbot answer.
It is the integration of search, organizational knowledge, generative output, and agents into a single workflow layer.
To rebut the finding, agencies using Gemini for Government would need to produce agent registries, action logs, enterprise-search audit trails, data-connector controls, model-use boundaries, human-approval rules, suspension protocols, vendor-exit plans, and evidence that agency personnel can identify when AI materially shaped an output.
A search layer can become a decision layer.
That is the Index risk.
14. Amazon Web Services
AWS is a foundational cloud and AI infrastructure layer.
AWS announced a two-year, $50 million Public Sector Generative AI Impact Initiative to help public-sector organizations accelerate innovation using AWS generative AI services and infrastructure, including Amazon Bedrock, Amazon Q, Amazon SageMaker, AWS HealthScribe, AWS Trainium, and AWS Inferentia.
AWS-related deployments fail the Index if public-sector institutions cannot demonstrate exit capacity, data portability, model auditability, infrastructure resilience, failover capacity, and continuity outside AWS environments.
The issue is not whether AWS services are useful.
The issue is whether public functions become dependent on a private cloud-intelligence stack that cannot be replaced without mission disruption.
To rebut the finding, agencies using AWS for AI would need to produce architecture maps, data-export tests, failover exercises, model-hosting alternatives, security assessments, termination rights, service-level controls, procurement analysis, and independent evaluation capacity.
Cloud sovereignty is no longer separate from AI sovereignty.
15. Oracle Cloud Infrastructure
Oracle is a government data, cloud, AI infrastructure, database, and mission-platform layer.
Oracle announced plans to strengthen AI infrastructure and increase model deployment options for U.S. government customers, including NVIDIA B300 GPUs in OCI government regions for demanding inference and accelerated-computing workloads.
Oracle-related deployments fail the Index if agencies cannot demonstrate that government data, AI infrastructure, model choice, audit rights, and continuity remain under public command rather than converging inside a vendor-controlled stack.
The risk intensifies when the data layer, cloud layer, model-hosting layer, and security layer converge.
To rebut the finding, agencies using Oracle AI infrastructure would need to produce data-control evidence, model-hosting terms, export tests, audit rights, security assessments, infrastructure-dependency maps, model-change notification procedures, and operational-continuity plans.
The Index treats this convergence as a command issue, not merely a procurement issue.
16. Palantir
Palantir is a data-fusion and decision-interface layer.
Palantir and Anthropic announced a partnership with AWS to provide U.S. defense and intelligence agencies access to Claude models through Palantir’s Artificial Intelligence Platform. Anthropic has also stated that Claude has been integrated into defense workflows with partners such as Palantir, including on classified networks.
Palantir-related deployments fail the Index if public institutions cannot independently verify how platforms integrate data, generate recommendations, structure workflows, surface risks, prioritize action, or combine proprietary tools with third-party frontier models.
The key Index insight is that authority can move into the interface.
A platform does not need to make the final decision to shape the practical decision field.
To rebut the finding, agencies using Palantir systems would need to produce data-lineage records, workflow maps, model-output logs, interface-behavior documentation, recommendation audit trails, vendor-access limits, model-integration terms, human-review records, and exit capacity.
Public command can be lost not only to a model.
It can be lost to the operating environment through which reality is assembled.
17. xAI / Grok for Government
xAI is a frontier-model national-security entrant.
xAI announced Grok for Government, a $200 million ceiling contract with the Department of Defense, and availability through the General Services Administration schedule, allowing federal departments, agencies, and offices to access xAI frontier AI products.
xAI-related deployments fail the Index if public institutions cannot independently validate model behavior, reliability, safety boundaries, audit logs, data controls, update behavior, mission-specific risks, and suspension authority before using Grok systems in authority-sensitive contexts.
The issue is not whether xAI should serve government customers.
The issue is whether a rapidly evolving frontier model can enter public command environments before institutional controls mature enough to constrain it.
To rebut the finding, agencies using xAI systems would need to produce model-evaluation reports, red-team results, data-use limits, classified-environment controls, audit logs, human-review procedures, procurement terms, model-update notice requirements, and exit plans.
Speed is not command.
Procurement access is not governance.
18. NVIDIA
NVIDIA is a compute-sovereignty layer.
NVIDIA describes an AI Factory for Government reference design that gives agencies the ability to deploy and manage heterogeneous AI workloads, including agentic AI, reasoning AI, and high-performance computing, while maintaining alignment with security configurations. NVIDIA also describes federal AI offerings for secure, scalable AI and accelerated computing for government agencies and partners.
NVIDIA-related dependency fails the Index if public institutions cannot demonstrate resilience against compute-stack concentration, supply-chain fragility, infrastructure lock-in, software-stack dependency, and inability to evaluate or operate AI workloads outside a narrow hardware ecosystem.
The issue is not that NVIDIA is irresponsible.
The issue is that compute has become a sovereignty surface.
To rebut the finding, public institutions relying on NVIDIA-heavy AI infrastructure would need to produce supply-chain risk assessments, alternative compute strategies, software portability plans, infrastructure-resilience tests, procurement diversification analysis, and long-term capacity planning.
Public authority cannot be fully sovereign if the compute layer beneath it is strategically uncommandable.
IX. Tier Four: Civic-Perception Platforms
19. Meta
Meta is a civic-perception and recommender-authority layer.
Meta has published system cards explaining how AI-powered recommender systems work across Facebook and Instagram, including Facebook Feed, Feed Recommendations, Reels, Stories, Groups, Search, People You May Know, Instagram Feed, Explore, Suggested Accounts, and other surfaces. Meta has also stated that its AI systems rank content across Facebook and Instagram and that its systems use many predictions and signals to determine what content people see.
Meta fails the Index if democratic publics, researchers, regulators, and oversight bodies cannot meaningfully audit how AI systems shape civic attention, political exposure, public belief, synthetic-media circulation, youth cognition, crisis information, and collective memory.
The issue is not merely content moderation.
It is civic perception governance.
To rebut the finding, Meta would need to produce public-interest audit mechanisms, researcher access, recommender-system transparency, political-content amplification records, synthetic-media controls, youth-safety analysis, crisis-response logs, foreign-influence detection evidence, and accountability mechanisms sufficient for democratic oversight.
A recommender system at this scale is not neutral infrastructure.
It is a civic perception engine.
20. TikTok / ByteDance / TikTok U.S. Governance Structure
TikTok is a foreign-influence and civic-perception layer.
The TikTok U.S. joint venture was announced in January 2026 as TikTok USDS Joint Venture LLC. Reporting on the arrangement states that ByteDance holds a 19.9 percent stake, that Oracle will store U.S. data, and that the joint venture will retrain, test, and update the recommendation algorithm on U.S. user data. That same reporting described continuing lawmaker questions about whether the arrangement truly removes foreign influence over the algorithm.
TikTok fails the Index if the public and oversight bodies cannot verify who effectively controls the recommendation system, how it is updated, how content is amplified or suppressed, how foreign influence is prevented, and whether algorithmic governance is genuinely independent.
The issue is not whether TikTok is uniquely dangerous compared with every other platform.
The Index point is broader: when a recommender system shapes civic perception at national scale, algorithmic command becomes public-power relevant.
To rebut the finding, TikTok would need to produce algorithm-governance documentation, independent audit results, data-flow controls, update logs, source-code review procedures, foreign-influence safeguards, Oracle oversight details, ownership and licensing clarity, and public-interest transparency sufficient to demonstrate real control.
A domestically governed app experience is not enough if the underlying recommender authority remains difficult to verify.
X. Cross-Institutional Findings
The first finding is that AI adoption is moving faster than public-command evidence.
The OMB inventory reveals thousands of reported federal AI use cases and hundreds of high-impact systems. But an inventory is not command proof. It does not establish explainability, appealability, override reality, data sovereignty, vendor exit capacity, model-change control, or operational independence.
The second finding is that the most sovereignty-sensitive systems are often the least publicly visible.
The OMB inventory excludes certain national-security, Intelligence Community, and defense or war-department uses from public release. Those exclusions may be legally and operationally justified. But they increase the need for trusted internal oversight, congressional access, inspector-general review, classified red-teaming, and command-preservation evidence.
The third finding is that the object of governance is no longer a discrete AI tool.
The command-critical systems are cloud platforms, enterprise search systems, frontier models, productivity copilots, agentic workflows, data-fusion platforms, recommender systems, AI factories, compute stacks, and model-hosting environments.
The fourth finding is that vendor dependency is becoming a sovereignty issue.
Public institutions may legitimately rely on private vendors. But when vendors provide the model layer, cloud layer, compute layer, data layer, productivity layer, and interface layer, dependency becomes a governance fact.
The fifth finding is that human oversight is easier to assert than to prove.
A human signature does not prove human command.
The Index asks whether the human has time, authority, information, training, institutional support, and operational alternatives sufficient to reject the machine output.
The sixth finding is that cognitive sovereignty remains undermeasured.
Meta and TikTok make this visible, but the same issue appears in education, public communications, intelligence analysis, search, synthetic media, political advertising, and AI-assisted institutional memory.
The seventh finding is that “high impact” is not the same as “command critical.”
A system may be command critical even if it does not directly deny benefits, sentence defendants, target enemies, or trigger enforcement. If it shapes what an institution sees, searches, summarizes, prioritizes, drafts, recommends, remembers, or ignores, it may become part of the authority structure.
XI. What Failure Requires
Failure does not require catastrophe.
Failure does not require malicious intent.
Failure does not require proven civil-rights harm.
Failure does not require full automation.
Failure does not require a rogue model.
Failure does not require that every human be removed from the process.
Failure requires only one thing: Public authority has become materially dependent on a machine system that the institution cannot adequately explain, audit, contest, replace, suspend, or govern.
That is the standard.
It is colder than rhetoric.
It is also more severe.
A society does not need to wait for visible institutional collapse before measuring dependency.
By the time dependency becomes obvious, command may already have moved.
XII. Governance Consequences
A Sovereign Intelligence Index failure finding should not automatically trigger shutdown.
It should trigger governance escalation.
For defense and intelligence, escalation should include command-chain review, classified oversight, red-team evaluation, model-change control, human-judgment protection, operational fallback testing, and strict rules for lethal, strategic, or national-security decision contexts.
For justice and courts, escalation should include disclosure standards, record-integrity rules, evidentiary safeguards, appealability, judicial verification, legal research controls, and strict limits on hidden machine influence.
For benefits, health, and taxation systems, escalation should include affected-person notice, explanation, human review, reversal capacity, accessibility safeguards, public reporting where lawful, and proof that AI has not become the practical default for vulnerable populations.
For energy and scientific systems, escalation should include reproducibility review, safety validation, independent expert challenge, compute-dependency analysis, and continuity planning for critical scientific and infrastructure functions.
For cloud and frontier-model providers, escalation should include audit rights, data rights, logs, portability, model-change monitoring, suspension authority, vendor-exit capacity, and public-sector procurement review.
For recommender platforms, escalation should include public-interest auditing, researcher access, provenance tools, synthetic-media controls, foreign-influence review, political-content transparency, and democratic-accountability mechanisms.
For compute infrastructure, escalation should include diversification strategy, supply-chain review, operational resilience, alternative compute capacity, and public-interest planning for AI infrastructure concentration.
Failure is therefore not a verdict.
It is a trigger.
It means the institution has entered a command-risk zone and must prove that authority has not silently migrated into systems it cannot govern.
XIII. Final Finding
The twenty institutions identified in this report are not listed because they are the worst actors.
They are listed because they are command-critical.
They sit where AI touches power.
They would likely fail a public-command audit today for one of two reasons.
Either public evidence already suggests structural dependency risk.
Or public evidence is insufficient to prove retained command.
Both findings matter.
A republic does not need certainty of collapse before measuring dependency.
It needs measurement before dependency becomes irreversible.
The final Sovereign Intelligence Index finding is this: The most dangerous AI governance failure is not that machines will make decisions alone.
It is that humans will continue signing decisions after machine systems have already made independent judgment impractical.
That is how authority moves.
Not always by law.
Not always by force.
Often through dependency.
The republic does not lose command when machines become conscious.
It loses command when institutions become dependent.
The Sovereign Intelligence Index exists to detect that transfer before public institutions become formally responsible for systems they can no longer command.

