Public-Sector AI Needs Secure, Controlled Collaboration

AI has grown up fast: The public sector’s open-ended experimentation with AI is now giving way to more secure, governed deployment — with tighter expectations around data access, oversight, compliance, and human review.

A recent blog post from Snowflake captures the shift well, particularly in its argument that agencies will move toward “secure, governed enclaves” as AI becomes more operational. This is spot-on. But it is only part of the story.

The next challenge for public-sector AI is not just how to secure AI inside a single environment. It is how to enable secure collaboration across organizational boundaries without forcing data owners to give up control.

That is where the conversation needs to go next.

Collaboration is King

Public-sector work is inherently multi-party. Agencies share sensitive information with other agencies, contractors, and of course, mission partners. Data moves across missions, jurisdictions, and technical environments. And in many cases, not every participant operates on the same platform, under the same administrative domain, or within the same commercial ecosystem.

That makes the architectural challenge more complicated than simply standing up a secure enclave. In practice, the harder problem is how to collaborate on sensitive data when the participants do not all live inside the same trust boundary.

Sensitive data is meant to be shared; mission outcomes depend on it. The challenge is not solely whether it can be locked down completely. The real challenge is whether it can be shared in ways that preserve stewardship, with granular controls, clear entitlements, and durable protections that persist across parties.

Recommended Reading: The Era of AI: Why “Metadata on Data” is Critical Infrastructure

Where and When This Matters

The core principles of securely governed and controlled collaboration are relevant in many familiar scenarios:

• Sharing files with mission partners
• Jointly reviewing or editing sensitive documents
• Contributing protected inputs into a common analytics environment
• Generating derived insights from multiple agencies’ data
  
  

And this matters even more in agentic workflows. As AI moves beyond chat interfaces and into systems that retrieve, analyze, and act on shared information, governance cannot stop at the platform boundary. It has to travel with the data — and that applies both to the information flowing into agentic workflows and the outputs they generate .

If agencies are going to authorize AI agents to operate on sensitive information, they will need a model that supports fine-grained rights management for both people and machines. The core question is no longer just who can access a system. It is who (or what) is entitled to do what with the data.

This is why interoperability and open standards matter so much in the public sector. Secure collaboration cannot depend on every participant first joining the same ecosystem before work can begin. This is simply unrealistic. Instead, the architecture must assume heterogeneity: different systems, different organizations, different levels of technical maturity, and different trust relationships. Governance must hold up anyway.

To Look Forward, We Must Zoom Out

The future of public-sector AI will absolutely be more secure, more governed, and more operationally mature. But in order for it to be effective, it will also need to be more collaborative. The organizations — and missions — that succeed will be the ones that can protect sensitive data without isolating it, and that can enable sharing without giving up control.

Secure enclaves are certainly part of the answer. A solution for secure, controlled collaboration will be the bigger test.