AI is rapidly becoming part of defense operations, accelerating planning, intelligence analysis, decision support, and operational coordination. As AI becomes more embedded in command-and-control and mission workflows, protecting the growing volume of stored mission data is becoming a critical operational requirement.
Pentagon officials report that AI use across the Department of War increased by 1,775% over the past year, growing by approximately 1.42 million users.¹ Leaders have described this shift as part of an effort to embed AI into defense systems so warfighters can make faster, more precise decisions. As AI moves closer to real-time battlefield and mission environments, sensitive data will increasingly reside on systems, creating new security and data protection challenges for defense organizations.
For defense teams, a central issue is whether data-at-rest security can be deployed wherever mission data lives. In distributed environments, deployment is not just an operational concern, it is a security requirement. If mission data protection cannot be deployed, updated, recovered, audited, and sanitized at scale, coverage will be uneven, creating risk across the mission data footprint.
AI Scale Creates Data Protection Challenges
As AI adoption grows, defense teams face several practical data protection challenges:
1. AI Significantly Increases the Volume of Sensitive Mission Data
AI systems continuously process and generate imagery, video, intelligence reports, targeting information, mission plans, and sensor data that must be secured.
2. AI Workflows Expand Data Storage & Moves Frequently Across Operational Devices
Sensitive data is increasingly stored on laptops, tactical systems, removable media, mission computers, and edge devices used during operations.
3. Operational Devices Must Remain Secure Even When Offline or Powered Off
Defense systems require data-at-rest protection whether devices are operating in disconnected environments, exposed outside controlled facilities, or stored inside facilities where insider threat still poses a risk of information being lost, stolen, or captured.
4. Consistent Protection Requires Scalable Deployment
A strong security architecture does not reduce risk if it cannot be deployed and sustained across the systems where mission data actually lives.
5. AI Workflows Increase Residual Data Risk
Mission data may remain on systems after use, transfer, repurposing, or mission completion, creating exposure if devices are retired, reassigned, captured, or removed from service without data destruction.
How to Secure Mission Data as AI Scales
1. Map and Prioritize the Mission Data Footprint
The first step is understanding where sensitive data lives throughout the AI workflow and which systems present the greatest operational risk. That includes source data, AI outputs, analyst work products, exported files, cached data, operational summaries, and mission artifacts stored on endpoints, servers, removable media, tactical systems, or edge platforms.
Defense teams should assess not only the central AI platform, but also the devices and systems that store, stage, review, transfer, or act on its data. Risk should be prioritized based on the sensitivity of stored data, mission criticality, physical exposure, connectivity, lifecycle stage, and likelihood of transfer, repurposing, loss, or capture. Systems operating outside controlled facilities often present higher physical access risk, but every system storing classified data at rest needs consistent protection that can be deployed, managed, audited, and sustained.
2. Implement Hardware-Based Outer-Layer Protection
For classified environments, the NSA CSfC Data-at-Rest model provides a framework for protecting stored classified data using two independently implemented layers.²
The outer layer commonly uses hardware full drive encryption on a self-encrypting drive, paired with pre-boot authentication controlling when the encrypted drive is unlocked. This helps protect stored data before the operating system loads and before device possession can become data access. This outer layer is especially important for systems that may be powered off, transported, staged, transferred, lost, captured, or removed from controlled environments.
3. Add Independent Software Full Drive Encryption
The inner layer commonly uses software full drive encryption that is independently implemented from the hardware-based outer layer. Because it can be deployed to existing systems without waiting for hardware provisioning or refresh cycles, software full drive encryption can help defense teams rapidly extend protection to devices already deployed in the field.
This second layer helps reduce dependency on any single protection by adding separate cryptographic enforcement, separate key management, and a distinct protection boundary for stored mission data providing defense-in-depth. Together, the outer and inner layers help protect classified Data at Rest when systems are powered off, unauthenticated, lost, captured, transferred, or repurposed.
4. Treat Scalable Deployment as a Security Requirement
A strong architecture is only effective if it can be deployed consistently.
Defense environments include existing systems, new procurements, mixed hardware, mission-specific configurations, disconnected platforms, servers, and large endpoint environments.
As AI expands the number of systems that may store sensitive mission data, DAR protection must be deployable at scale. Teams need repeatable ways to configure, enforce, update, monitor, and maintain protections.
If protection cannot be deployed where the data lives, then it cannot reduce risk at mission scale.
5. Plan for Lifecycle Control and Secure Sanitization
Data protection does not end when a device is deployed. Defense teams also need lifecycle control: updates, policy enforcement, credential changes, recovery workflows, auditability, decommissioning, and secure sanitization when systems are retired, repurposed, transferred, or exposed to emergency conditions.
As quantum-era concerns increase the focus on long-term data confidentiality, defense teams should avoid leaving residual data recoverable on mission systems. Secure sanitization helps reduce future exploitation risk by ensuring sensitive data is no longer recoverable when systems are retired, transferred, repurposed, or exposed to emergency conditions.
AI-driven operations will continue to generate new data, new workflows, and new deployment patterns. DAR protection must be able to adapt as mission environments change.
AI Modernization and DAR Protection Must Advance Together
The accelerating adoption of AI within the Department of War (DoW) is forcing defense organizations to rethink how quickly data moves, how widely it is used, and how much operational value it delivers.
If AI systems depend on mission data, then protecting that data must be part of AI readiness wherever it is stored, especially on endpoints, servers, tactical systems, and edge platforms outside controlled environments.
For classified data at rest, that means independently implemented protections aligned to CSfC requirements, authenticated access, protection for powered-off and unauthenticated devices, auditability, secure sanitization, lifecycle control, and deployment across distributed defense systems.
The use of AI is scaling quickly across the DoW. Data-at-Rest protection must scale with it.
How Cigent Helps
Trusted Across Defense and Intelligence Programs
Cigent partners with defense teams to protect mission-critical data at rest across endpoints, servers, and edge systems where sensitive mission data is created, stored, cached, and retained. Cigent solutions are widely deployed and trusted across federal and defense programs, including within the Department of War, intelligence community, federal civilian agencies, and the defense industrial base.
Built for Mission Requirements
Designed and developed with and for U.S. Intelligence and Defense communities, Cigent combines TS/SCI-cleared expertise, U.S.-based software development, and hands-on experience supporting complex and custom mission requirements. As AI accelerates the creation and use of sensitive mission data, Cigent helps defense teams extend data-at-rest protection across operational environments and sustain that protection at mission scale.
That is the core requirement for AI-era defense security: protection that is not only architected correctly, but implemented with a partner that understands mission environments, compliance requirements, and operational scale.
To learn more about securing your data and ensuring mission success, visit Cigent.com.
References
¹ Based on Pentagon News reporting from May 2026: “Senior DOW Tech Official Says Department AI Use Up 1,775% in Past Year.”
² NSA CSfC Data-at-Rest (DAR) Capability Package Version 5.1.0.
Conner Crisafulli is a solutions engineer and cybersecurity professional at Cigent with a unique background bridging elite military operations and advanced data security. Before joining Cigent, Conner served six years as a U.S. Air Force Combat Controller, where he specialized in high-stakes mission planning, communication systems, and joint operations coordination/execution. Drawing from his experience in complex, contested environments, Conner now helps federal agencies and enterprise clients strengthen their data-at-rest protection strategies. At Cigent, he focuses on practical applications of self-encrypting drives (SEDs), pre-boot authentication (PBA), and various CSfC (commercial solutions for classified) technologies to safeguard sensitive data against evolving cyber threats.