Short list. Serious list. Almost all of it comes down to data and who has a right to expect it stays where they put it.
The list of places where AI does not belong is shorter than you might expect. Most of it comes down to data: whose data it is, what the markings on it say, and what someone else has a right to expect about where that data ends up. Almost every hard rule on this page falls into one of those three buckets.
If it came from a contractor, it does not go into a commercial AI tool. Quotes, proposals, cost breakdowns, pricing sheets, technical write-ups, capability statements, anything a company handed you in a competitive context. That data belongs to the company. You are a CO or a COR because a federal process earned their trust to handle that material inside a federal boundary. Pasting a quote into Claude or ChatGPT to "get a quick summary" ships it off to a third-party system that vendor never consented to. That is a duty-of-care problem before it is anything else.
The temptation got bigger the moment these tools started accepting drag-and-drop uploads. The friction used to be typing the document out. Now it is two clicks. Do not let the convenience talk you across the line. Until the government stands up sanctioned enclaves for this kind of work, proprietary stays on federal systems.
There is a middle path and it is worth getting right. The trick is to use AI to build the tool, not to hand it the data. Say you have eight quotes coming in for a product buy. Ask Claude to spin up an Excel workbook that takes eight quote totals, returns mean, median, and standard deviation, flags anything more than a standard deviation off the pack, and gives you a quick bar chart. A few minutes later you have a working spreadsheet. Close the AI tab, open the spreadsheet on your own machine, and plug the real numbers in yourself.
Same pattern scales. Need a simple IGCE roll-up? Have AI build the template. Need a matrix that scores technical responses against a rubric? Have AI build the matrix. In every case the proprietary data lives in a file on your machine, and the AI never sees any of it.
AI builds the calculator. You run it on your data. The model never sees the vendor names, the quote totals, or anything that belonged to an offeror in the first place. A future price analysis helper on this site will be built the same way, as a local tool you download and run yourself.
CUI sits in the same category as proprietary, with a narrow exception. GenAI.mil is cleared for certain levels of CUI, which is one of the real differentiators over commercial tools today. The problem is that the platform currently available on it is the weakest of the big four, so the window where that permission actually buys you meaningful leverage is small. If you have found a genuinely useful workflow that uses the CUI-eligible version, I want to hear about it, because I have not found many.
For the commercial tools, treat CUI like you treat proprietary. Paste nothing. Drag and drop nothing. The markings exist because the originating office made a control decision. Your convenience does not override that decision.
Classified never touches commercial AI. No framing, no rewording, no "just the unclassified parts." If the source document is classified, it is a clean no.
PII lives in the same bucket as CUI and proprietary. Resumes on a service contract, incumbent employee lists, vendor personnel data, anything with names and identifiers: stay inside federal boundaries. Attorney-client privileged material is its own layer on top. Uploading a JAG discussion to a consumer AI tool risks waiving privilege entirely, which is a bigger problem than the data leak itself. Privilege is a legal protection that attaches to the communication, and once you spill it into a third-party system, it is very hard to argue it still attaches.
If the document is marked Source Selection Sensitive, AI does not see it. That is the short rule.
The longer version is that a lot of material is effectively source-selection sensitive before the marking catches up to it:
If the document describes how you ranked offerors, or why one won and others did not, keep it off AI. The procurement integrity exposure here is real, and the fact that the marking has not been stamped yet does not change the substance of what you are holding.
I would not use AI in an acquisition without disclosing it in the solicitation. Offerors submit on the assumption of a specific evaluation process. Running their proposal through a tool they never agreed to is a change to that process, and it is the kind of change that sets up a protest without much of a defense.
There is a world where we reach an AI use disclosure that lives in the solicitation the same way evaluation factors do today. A paragraph that names the specific tool, the specific task it will perform, the data handling terms, and a mechanism for offerors to consent or object. That is the clean version of this.
As of 23 April 2026, we are not there. An undisclosed AI use in proposal evaluation is an easy protest and, in the right forum, a comfortable sustain.
If your document is marked anything at all, do not put it in AI. CUI. Source Selection Sensitive. Proprietary. FOUO. Pre-decisional. Privileged. Any of those markings mean somebody else already made a control decision about that content. Your drag-and-drop does not override it.
When you are uncertain, default to "no." The cost of not using AI on a given document is low. The cost of using it on the wrong document is a procurement-integrity finding, a sustained protest, a privilege waiver, or an IG interview, depending on which flavor you picked. The math on that trade is not close.
If you think something belongs on this list and is not here, tell me and I will add it.