The four questions every government leader should be asking about AI

The pace of change in AI is reshaping how governments approach national security, economic progress, scientific discovery, and critical infrastructure. Over the past several months, I’ve sat across the table from cabinet officials, combatant commanders, intelligence leaders, and their counterparts worldwide. The conversations are urgent, the stakes are real, and the questions keep coming back to four themes.

1. GPUs alone are not an AI strategy

Many believe that AI success requires rooms full of GPUs. Procure the hardware, secure power agreements, stand up the clusters, and mission outcomes will follow. I understand the instinct—it feels tangible, controllable, sovereign. But hardware alone has never been the bottleneck.

A room full of GPUs isn’t a capability. Organizations often underestimate the cost and complexity to deliver at scale with monitoring, governance, and security. The real challenge is the time it takes to get from raw hardware and data to mission insight and capability, a problem that requires integrated services working together seamlessly.

On-premises AI infrastructure requires building or leasing specialized facilities, months of procurement lead time, and teams of engineers to manage GPU clusters. By the time you’ve stood up the environment, you’re already a generation behind your adversaries.

Security at scale matters. Cyber threats are industrialized, automated, and accelerating. CrowdStrike’s 2025 Global Threat Report documented a 150% surge in state-sponsored espionage in 2024, with 300% spikes in critical industries. Attacks on healthcare, energy, and government infrastructure are relentless. Protecting critical assets against this threat landscape means building and automating security operations from scratch.

In the cloud, that protection comes at scale. Amazon Web Services (AWS) monitors 4.8 billion flows of network traffic per second and 1 billion host telemetry events per second. Our active defense systems, from global honeypot intelligence to automated takedown of malicious infrastructure, operate at a scale only possible in the cloud.

We’re already seeing this at Idaho National Laboratory, where agentic AI tools compress nuclear energy design cycles from years to months. The scientists aren’t managing infrastructure or defending perimeters—they’re focused on breakthrough research.

The question government leaders should be asking isn’t “where do I put my GPUs?” It’s “how can I move my people from data to decision faster?” The answer lives in the cloud.

2. Mission-critical requires resilience

Recent events worldwide have reminded us that physical infrastructure, no matter where it sits, is not immune to disruption. Data centers can be impacted by conflict, natural disasters, and cascading failures. These sobering realities deserve serious architectural thinking, not slogans.

The instinct to spread workloads as a hedge against disruption is understandable. But it conflates two different concepts: multi-cloud and multi-region. Multi-cloud is about choice, and choice is valuable. The question is how to exercise options in ways that strengthen resilience rather than fragment your workload’s security and operational posture. There are scenarios where multi-cloud makes sense: different mission areas with distinct requirements, workload-specific optimizations, or regulatory mandates requiring provider diversity.

Multi-region is an architecture discipline of isolated regions, each with independent power, cooling, and networking, designed to fail over. Not all cloud regions are created equal. AWS is intentionally architected for resilience through AWS Regions and Availability Zones. Each AWS Region is physically isolated from other Regions, and each contains multiple Availability Zones with independent power, cooling, and networking. This is a fundamental architectural difference that directly influences mission continuity decisions.

Multi-cloud introduces operational complexity. Maintaining full workload portability between providers means duplicating security models, replicating data pipelines, training teams on multiple platforms, and managing the overhead of fundamentally different architectures. In a threat environment where nation-state actors run years-long campaigns against critical infrastructure, fragmented security postures and complexity are what adversaries exploit.

The biggest cost reductions and strongest security outcomes result from the depth of a well-architected and optimized environment with a provider that has earned the right to run your most sensitive workloads.

3. No government should bet its mission on a single foundation model

The foundation model (FM) landscape is moving faster than any technology cycle I’ve seen in my career. Models that lead today might be unavailable or surpassed tomorrow. Licensing terms shift. Geopolitical considerations emerge. New capabilities appear from unexpected places. In this environment, locking your mission to a single model provider isn’t a strategy.

This is why Amazon Bedrock provides access to multiple FMs with consistent security controls, governance guardrails, and compliance frameworks. You choose the model that fits the mission. When the landscape shifts, as it inevitably will, you switch without re-architecting your application and security posture.

Model choice is only the beginning. AWS helps customers build systems that can plan, reason, and execute multistep tasks on behalf of mission operators. Amazon Bedrock AgentCore simplifies how to build, deploy, and scale these agentic capabilities on top of an increasing choice of models. When your agent framework is model-agnostic, you can swap or tailor the underlying FMs without rebuilding the workflow, giving government teams the ability to adopt the best available model for each mission as the landscape evolves.

Your data, together with model choice, unlocks differentiation. Government organizations gain the most when they combine open-source and commercial models with domain-specific data such as geospatial intelligence, medical records, logistics patterns, and threat assessments. This requires capabilities for fine-tuning, continued pre-training, agents, knowledge bases, and guardrails.

The model landscape will shift. The only question is whether your architecture lets you shift with it.

4. What AWS is doing about it

Government leaders consistently ask, “What are you actually doing?”

We’re investing at scale: AWS announced an investment of up to $50 billion in AI and supercomputing infrastructure for US government agencies, adding nearly 1.3 gigawatts of capacity across Top Secret, Secret, and AWS GovCloud (US) Regions.

We’re removing financial barriers with up to $100 million in federal credits: $50 million through the Warfighter Capability Accelerator for DoD and the defense industrial base, and $50 million through the Genesis Accelerator for DOE, national labs, and research organizations. Through OneGov, we’re simplifying the path for government builders to modernize to cloud services with $1B in savings to accelerate their cloud journeys.

We’re also continuing to increase the availability of new services, features, and models across our government Regions, expanding our partner network to help commercial cloud innovation reach the mission as fast as possible.

And we’re protecting the broader internet, not only our own infrastructure. In the past year, we’ve dismantled criminal botnets, disrupted nation-state cyber campaigns, and shared threat intelligence with governments and partners worldwide. We process 1 billion honeypot interactions per day and have prevented 2.7 trillion scanning attempts in the last twelve months. Security isn’t a feature we bolt on—it’s foundational to everything we build.

We’ve been doing this for more than 15 years. First to build purpose-built government infrastructure. First to achieve accreditation across all classification levels. First to bring generative AI to the most sensitive government environments. That’s not a talking point—it’s a commitment.

What government leaders should do next

The technology is proven and available. What’s needed now is action:

• Stress-test your resilience architecture – Ask your team: if your data center goes down tomorrow, what’s your recovery time? If the answer involves rebuilding across a different provider, you don’t have resilience—you have a plan to rebuild. Architect for multi-Region failover within a proven provider and exercise it. Use our Mission Resilience lens to implement best practices.
• Adopt a multi-model strategy now – Don’t wait for a model to be restricted or deprecated. Stand up a multi-model environment through Amazon Bedrock today, fine-tune on your domain data, and build the muscle to switch to new models and versions as the landscape shifts.
• Pick a real mission problem and see what agentic AI can do now – Compress a timeline. Automate a workflow. Show your organization what’s possible when the infrastructure gets out of the way.
• Engage us – The credits are available. The infrastructure is built for government. Our partners are ready. Reach out to your AWS account team or visit AWS Cloud Computing for Federal Government to connect with an expert on your mission.

The convergence of AI, cloud computing, and national security is creating an inflection point that will define the next decade of government capability. The path forward isn’t through rooms full of GPUs and fragmented architectures. It’s through decisive action on a secure, scalable, multi-model cloud—backed by a team with the deepest government cloud experience in the world.

We’re ready. Let’s build together.