[{"data":1,"prerenderedAt":572},["ShallowReactive",2],{"/en-us/the-source/authors/bob-stevens/":3,"footer-en-us":33,"the-source-banner-en-us":340,"the-source-navigation-en-us":352,"the-source-newsletter-en-us":380,"authors-en-us":391,"categories-en-us":423,"bob-stevens-articles-list-en-us":424},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"config":8,"seo":10,"content":12,"type":25,"slug":26,"_id":27,"_type":28,"title":11,"_source":29,"_file":30,"_stem":31,"_extension":32},"/en-us/the-source/authors/bob-stevens","authors",false,"",{"layout":9},"the-source",{"title":11},"Bob Stevens",[13,23],{"componentName":14,"type":14,"componentContent":15},"TheSourceAuthorHero",{"config":16,"name":11,"role":19,"headshot":20},{"gitlabHandle":17,"linkedInProfileUrl":18},"bstevens1","https://www.linkedin.com/in/bob-stevens-1237564/","Public Sector Area Vice President, GitLab",{"altText":11,"config":21},{"src":22},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1752687939/mv3lhtimdzr8jmfqmbk1.jpg",{"componentName":24,"type":24},"TheSourceArticlesList","author","bob-stevens","content:en-us:the-source:authors:bob-stevens.yml","yaml","content","en-us/the-source/authors/bob-stevens.yml","en-us/the-source/authors/bob-stevens","yml",{"_path":34,"_dir":35,"_draft":6,"_partial":6,"_locale":7,"data":36,"_id":336,"_type":28,"title":337,"_source":29,"_file":338,"_stem":339,"_extension":32},"/shared/en-us/main-footer","en-us",{"text":37,"source":38,"edit":44,"contribute":49,"config":54,"items":59,"minimal":328},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":39,"config":40},"View page source",{"href":41,"dataGaName":42,"dataGaLocation":43},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":45,"config":46},"Edit this page",{"href":47,"dataGaName":48,"dataGaLocation":43},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":50,"config":51},"Please contribute",{"href":52,"dataGaName":53,"dataGaLocation":43},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":55,"facebook":56,"youtube":57,"linkedin":58},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[60,87,159,227,289],{"title":61,"links":62,"subMenu":68},"Platform",[63],{"text":64,"config":65},"DevSecOps platform",{"href":66,"dataGaName":67,"dataGaLocation":43},"/platform/","devsecops platform",[69],{"title":70,"links":71},"Pricing",[72,77,82],{"text":73,"config":74},"View plans",{"href":75,"dataGaName":76,"dataGaLocation":43},"/pricing/","view plans",{"text":78,"config":79},"Why Premium?",{"href":80,"dataGaName":81,"dataGaLocation":43},"/pricing/premium/","why premium",{"text":83,"config":84},"Why Ultimate?",{"href":85,"dataGaName":86,"dataGaLocation":43},"/pricing/ultimate/","why ultimate",{"title":88,"links":89},"Solutions",[90,95,99,104,109,114,119,124,129,134,139,144,149,154],{"text":91,"config":92},"Digital transformation",{"href":93,"dataGaName":94,"dataGaLocation":43},"/topics/digital-transformation/","digital transformation",{"text":96,"config":97},"Application Security Testing",{"href":98,"dataGaName":96,"dataGaLocation":43},"/solutions/application-security-testing/",{"text":100,"config":101},"Automated software delivery",{"href":102,"dataGaName":103,"dataGaLocation":43},"/solutions/delivery-automation/","automated software delivery",{"text":105,"config":106},"Agile development",{"href":107,"dataGaName":108,"dataGaLocation":43},"/solutions/agile-delivery/","agile delivery",{"text":110,"config":111},"Cloud transformation",{"href":112,"dataGaName":113,"dataGaLocation":43},"/topics/cloud-native/","cloud transformation",{"text":115,"config":116},"SCM",{"href":117,"dataGaName":118,"dataGaLocation":43},"/solutions/source-code-management/","source code management",{"text":120,"config":121},"CI/CD",{"href":122,"dataGaName":123,"dataGaLocation":43},"/solutions/continuous-integration/","continuous integration & delivery",{"text":125,"config":126},"Value stream management",{"href":127,"dataGaName":128,"dataGaLocation":43},"/solutions/value-stream-management/","value stream management",{"text":130,"config":131},"GitOps",{"href":132,"dataGaName":133,"dataGaLocation":43},"/solutions/gitops/","gitops",{"text":135,"config":136},"Enterprise",{"href":137,"dataGaName":138,"dataGaLocation":43},"/enterprise/","enterprise",{"text":140,"config":141},"Small business",{"href":142,"dataGaName":143,"dataGaLocation":43},"/small-business/","small business",{"text":145,"config":146},"Public sector",{"href":147,"dataGaName":148,"dataGaLocation":43},"/solutions/public-sector/","public sector",{"text":150,"config":151},"Education",{"href":152,"dataGaName":153,"dataGaLocation":43},"/solutions/education/","education",{"text":155,"config":156},"Financial services",{"href":157,"dataGaName":158,"dataGaLocation":43},"/solutions/finance/","financial services",{"title":160,"links":161},"Resources",[162,167,172,177,182,187,192,197,202,207,212,217,222],{"text":163,"config":164},"Install",{"href":165,"dataGaName":166,"dataGaLocation":43},"/install/","install",{"text":168,"config":169},"Quick start guides",{"href":170,"dataGaName":171,"dataGaLocation":43},"/get-started/","quick setup checklists",{"text":173,"config":174},"Learn",{"href":175,"dataGaName":176,"dataGaLocation":43},"https://university.gitlab.com/","learn",{"text":178,"config":179},"Product documentation",{"href":180,"dataGaName":181,"dataGaLocation":43},"https://docs.gitlab.com/","docs",{"text":183,"config":184},"Blog",{"href":185,"dataGaName":186,"dataGaLocation":43},"/blog/","blog",{"text":188,"config":189},"Customer success stories",{"href":190,"dataGaName":191,"dataGaLocation":43},"/customers/","customer success stories",{"text":193,"config":194},"Remote",{"href":195,"dataGaName":196,"dataGaLocation":43},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":198,"config":199},"GitLab Services",{"href":200,"dataGaName":201,"dataGaLocation":43},"/services/","services",{"text":203,"config":204},"TeamOps",{"href":205,"dataGaName":206,"dataGaLocation":43},"/teamops/","teamops",{"text":208,"config":209},"Community",{"href":210,"dataGaName":211,"dataGaLocation":43},"/community/","community",{"text":213,"config":214},"Forum",{"href":215,"dataGaName":216,"dataGaLocation":43},"https://forum.gitlab.com/","forum",{"text":218,"config":219},"Events",{"href":220,"dataGaName":221,"dataGaLocation":43},"/events/","events",{"text":223,"config":224},"Partners",{"href":225,"dataGaName":226,"dataGaLocation":43},"/partners/","partners",{"title":228,"links":229},"Company",[230,235,240,245,250,255,260,264,269,274,279,284],{"text":231,"config":232},"About",{"href":233,"dataGaName":234,"dataGaLocation":43},"/company/","company",{"text":236,"config":237},"Jobs",{"href":238,"dataGaName":239,"dataGaLocation":43},"/jobs/","jobs",{"text":241,"config":242},"Leadership",{"href":243,"dataGaName":244,"dataGaLocation":43},"/company/team/e-group/","leadership",{"text":246,"config":247},"Team",{"href":248,"dataGaName":249,"dataGaLocation":43},"/company/team/","team",{"text":251,"config":252},"Handbook",{"href":253,"dataGaName":254,"dataGaLocation":43},"https://handbook.gitlab.com/","handbook",{"text":256,"config":257},"Investor relations",{"href":258,"dataGaName":259,"dataGaLocation":43},"https://ir.gitlab.com/","investor relations",{"text":261,"config":262},"Sustainability",{"href":263,"dataGaName":261,"dataGaLocation":43},"/sustainability/",{"text":265,"config":266},"Diversity, inclusion and belonging (DIB)",{"href":267,"dataGaName":268,"dataGaLocation":43},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":270,"config":271},"Trust Center",{"href":272,"dataGaName":273,"dataGaLocation":43},"/security/","trust center",{"text":275,"config":276},"Newsletter",{"href":277,"dataGaName":278,"dataGaLocation":43},"/company/contact/","newsletter",{"text":280,"config":281},"Press",{"href":282,"dataGaName":283,"dataGaLocation":43},"/press/","press",{"text":285,"config":286},"Modern Slavery Transparency Statement",{"href":287,"dataGaName":288,"dataGaLocation":43},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"title":290,"links":291},"Contact Us",[292,297,302,307,312,317,322],{"text":293,"config":294},"Contact an expert",{"href":295,"dataGaName":296,"dataGaLocation":43},"/sales/","sales",{"text":298,"config":299},"Get help",{"href":300,"dataGaName":301,"dataGaLocation":43},"/support/","get help",{"text":303,"config":304},"Customer portal",{"href":305,"dataGaName":306,"dataGaLocation":43},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"text":308,"config":309},"Status",{"href":310,"dataGaName":311,"dataGaLocation":43},"https://status.gitlab.com/","status",{"text":313,"config":314},"Terms of use",{"href":315,"dataGaName":316,"dataGaLocation":43},"/terms/","terms of use",{"text":318,"config":319},"Privacy statement",{"href":320,"dataGaName":321,"dataGaLocation":43},"/privacy/","privacy statement",{"text":323,"config":324},"Cookie preferences",{"dataGaName":325,"dataGaLocation":43,"id":326,"isOneTrustButton":327},"cookie preferences","ot-sdk-btn",true,{"items":329},[330,332,334],{"text":313,"config":331},{"href":315,"dataGaName":316,"dataGaLocation":43},{"text":318,"config":333},{"href":320,"dataGaName":321,"dataGaLocation":43},{"text":323,"config":335},{"dataGaName":325,"dataGaLocation":43,"id":326,"isOneTrustButton":327},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",{"_path":341,"_dir":342,"_draft":6,"_partial":6,"_locale":7,"visibility":327,"id":343,"title":344,"button":345,"_id":349,"_type":28,"_source":29,"_file":350,"_stem":351,"_extension":32},"/shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18","banner","The Economics of Software Innovation","The Economics of Software Innovation—AI’s $750 Billion Opportunity",{"config":346,"text":348},{"href":347},"/software-innovation-report/","Get the research report","content:shared:en-us:the-source:banner:the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18",{"_path":353,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"logo":354,"subscribeLink":359,"navItems":363,"_id":376,"_type":28,"title":377,"_source":29,"_file":378,"_stem":379,"_extension":32},"/shared/en-us/the-source/navigation",{"altText":355,"config":356},"the source logo",{"src":357,"href":358},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750191004/t7wz1klfb2kxkezksv9t.svg","/the-source/",{"text":360,"config":361},"Subscribe",{"href":362},"#subscribe",[364,368,372],{"text":365,"config":366},"Artificial Intelligence",{"href":367},"/the-source/ai/",{"text":369,"config":370},"Security & Compliance",{"href":371},"/the-source/security/",{"text":373,"config":374},"Platform & Infrastructure",{"href":375},"/the-source/platform/","content:shared:en-us:the-source:navigation.yml","Navigation","shared/en-us/the-source/navigation.yml","shared/en-us/the-source/navigation",{"_path":381,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"title":382,"description":383,"submitMessage":384,"formData":385,"_id":388,"_type":28,"_source":29,"_file":389,"_stem":390,"_extension":32},"/shared/en-us/the-source/newsletter","The Source Newsletter","Stay updated with insights for the future of software development.","You have successfully signed up for The Source’s newsletter.",{"config":386},{"formId":387,"formName":278,"hideRequiredLabel":327},1077,"content:shared:en-us:the-source:newsletter.yml","shared/en-us/the-source/newsletter.yml","shared/en-us/the-source/newsletter",{"amanda-rueda":392,"andre-michael-braun":393,"andrew-haschka":394,"ayoub-fandi":395,"bob-stevens":11,"brian-wald":396,"bryan-ross":397,"chandler-gibbons":398,"dave-steer":399,"ddesanto":400,"derek-debellis":401,"emilio-salvador":402,"erika-feldman":403,"george-kichukov":404,"gitlab":405,"grant-hickman":406,"haim-snir":407,"iganbaruch":408,"jason-morgan":409,"jlongo":410,"joel-krooswyk":411,"josh-lemos":412,"julie-griffin":413,"kristina-weis":414,"lee-faus":415,"ncregan":416,"rschulman":417,"sabrina-farmer":418,"sandra-gittlen":419,"sharon-gaudin":420,"stephen-walters":421,"taylor-mccaslin":422},"Amanda Rueda","Andre Michael Braun","Andrew Haschka","Ayoub Fandi","Brian Wald","Bryan Ross","Chandler Gibbons","Dave Steer","David DeSanto","Derek DeBellis","Emilio Salvador","Erika Feldman","George Kichukov","GitLab","Grant Hickman","Haim Snir","Itzik Gan Baruch","Jason Morgan","Joseph Longo","Joel Krooswyk","Josh Lemos","Julie Griffin","Kristina Weis","Lee Faus","Niall Cregan","Robin Schulman","Sabrina Farmer","Sandra Gittlen","Sharon Gaudin","Stephen Walters","Taylor McCaslin",{"ai":365,"platform":373,"security":369},{"allArticles":425,"visibleArticles":571,"showAllBtn":327},[426,466,503,535],{"_path":427,"_dir":428,"_draft":6,"_partial":6,"_locale":7,"slug":429,"type":430,"category":428,"config":431,"seo":434,"content":439,"_id":463,"_type":28,"title":437,"_source":29,"_file":464,"_stem":465,"_extension":32,"description":438,"date":440,"timeToRead":441,"heroImage":436,"keyTakeaways":442,"articleBody":446,"faq":447},"/en-us/the-source/ai/ai-agents-for-government-a-4-step-guide","ai","ai-agents-for-government-a-4-step-guide","article",{"layout":9,"template":432,"featured":6,"author":26,"sourceCTA":433,"isHighlighted":6,"authorName":11},"TheSourceArticle","source-lp-ai-powered-efficiency-modernizing-government-in-2025",{"config":435,"ogImage":436,"title":437,"description":438},{"noIndex":6},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1759170189/zmuyphijace09hvotjtp.png","AI agents for government: A 4-step guide","Transform federal software development with AI agents that accelerate delivery, reduce costs, and modernize legacy systems for mission success.",{"title":437,"description":438,"date":440,"timeToRead":441,"heroImage":436,"keyTakeaways":442,"articleBody":446,"faq":447},"2025-09-30","5 min read",[443,444,445],"AI agents automate complex development tasks, allowing federal teams to focus on strategic, mission-critical initiatives.","Government agencies can modernize legacy systems and reduce technical debt through intelligent AI-powered automation.","Success requires a phased approach: build AI comfort, establish governance, deploy agents, and continuously improve processes.","What if government agencies could cut software development timelines in half while simultaneously tackling the technical debt that has accumulated over decades? AI agents are making this possible, transforming how public sector organizations build and maintain the digital infrastructure that serves their citizens.\n\nRecent policy directives highlight the promise of AI for federal operations, encouraging agencies to use AI to deliver enhanced taxpayer value, improve public service quality, and boost operational performance. Software development within agencies presents an immediate opportunity for implementing AI.\n\n[AI agents](https://about.gitlab.com/the-source/ai/agentic-ai-unlocking-developer-potential-at-scale/) can drive this transformation by deploying intelligent systems that can initiate actions, make autonomous choices, and handle sophisticated tasks alongside development teams. This dramatically speeds up software creation cycles, allowing organizations to ship applications more quickly without compromising security and regulatory compliance.\n\nIn addition to efficiency gains, AI agents enable cost-effective modernization initiatives, including the reduction of technical debt, remediation of security vulnerabilities, and [the updating of legacy applications](https://about.gitlab.com/the-source/ai/how-ai-can-fix-governments-legacy-code-problem/) that federal agencies have relied on for decades. AI agents could solve problems such as decommissioning obsolete systems and outdated programming languages like COBOL.\n\nHowever, the effective use of AI agents requires a fundamental shift in development practices, moving toward true human-AI partnerships. This evolution doesn't eliminate the need for talented software engineers; rather, it enhances their abilities and reshapes their responsibilities in addressing the public sector's unique mission-focused challenges.\n\nTo capture the long-term advantages of AI agents, agencies must reimagine their development structures and workflows. This starts with a step-by-step approach to AI adoption, building core knowledge of AI agents and gradually developing into an ongoing optimization process.\n\n## Step 1: Build foundational AI proficiency\nOrganizations new to AI should start by developing familiarity, confidence, and expertise with AI-supported programming, documentation, and basic problem-solving in low-risk environments. This approach helps agencies develop effective practices while preventing issues such as data exposure and security gaps.\n\nAfter developers gain basic AI competency, they can broaden their AI proficiency throughout the software development process, focusing specifically on repetitive, labor-intensive tasks where AI delivers immediate benefits with minimal workflow disruption. This frees up developers from routine, monotonous work, enabling them to concentrate on more important challenges and strategic planning.\n\n## Step 2: Establish governance frameworks and compatibility standards\nWhen teams gain confidence using AI for specific applications, agencies can start developing comprehensive guidelines for AI tools that support long-term success. This includes data access controls, security measures, and quality benchmarks.\n\nIn the U.S., the federal government has urged agencies and federal data leaders to create standards for data compatibility, standardize data formats, and build procedures to manage security threats. For federal organizations handling sensitive civilian data, implementing these standards allows agents to function within the parameters of agency compliance, security, and mission-driven objectives.\n\nThese standards empower rather than limit. Data protocols standardize how AI systems exchange information and work together across platforms. This ensures that agencies can maintain data interoperability and consistent data formats, and leverage AI tools across departments.\n\n## Step 3: Deploy and expand AI agent capabilities strategically\nNow agencies reach the most exciting phase of their AI agent implementation: when they are ready to assign AI agents to handle self-contained development projects with a degree of autonomy.\n\nProviding autonomy increases the range of responsibilities agents can manage, expanding beyond single-agent capabilities and allowing multiple agents to work together on sophisticated projects. By operating and communicating within a unified platform that provides access to rich context across the entire software development lifecycle, agents can become an integral part of the end-to-end development process.\n\nAgencies should encourage developers to strengthen the skills that matter most for successful AI partnerships, including analytical thinking, problem-solving skills, and creativity. The collaboration between AI agents and skilled, AI-prepared developers advances innovation and enables quicker, more secure software delivery in support of federal objectives.\n\n## Step 4: Enhance performance through monitoring and training\nAgencies must keep refining their AI implementation processes, even when AI agents can function and collaborate independently. To ensure agencies maximize their AI investment, it is essential to implement monitoring systems that track agent effectiveness with clear metrics and correction protocols.\n\nContinuous training programs for developers, IT administrators, and other federal employees, particularly those emphasizing AI knowledge, will also be critical. Agencies can build AI capabilities through education initiatives that emphasize prompt design, AI partnership methods, and effective system supervision. Collaborating with AI represents a sophisticated skill that will distinguish developers and prepare them for success in today's evolving work environment.\n\n## Embracing the future of AI-led development in government\nAI agents are poised to transform the way we design, create, launch, and maintain software that powers federal government systems.\n\nThe shift toward AI-driven software development creates both major opportunities and strategic challenges for public sector organizations. Agencies that welcome this change as an opportunity to reimagine their capabilities, rather than viewing it as a threat, will experience the most significant efficiency improvements and mission acceleration.\n\nBy actively managing these essential areas, from initial integration through governance and ongoing learning, federal organizations can succeed in this new environment where AI capabilities enhance human innovation and strategic thinking.",[448,451,454,457,460],{"header":449,"content":450},"What are AI agents and how do they transform government software development?","AI agents are intelligent systems that can initiate actions, make autonomous choices, and handle sophisticated tasks alongside development teams. They dramatically speed up software creation cycles, allowing government agencies to ship applications more quickly while maintaining security and regulatory compliance. These systems enable cost-effective modernization initiatives including technical debt reduction and legacy system updates.",{"header":452,"content":453},"What is the four-step approach for implementing AI agents in government agencies?","The four steps are building foundational AI proficiency by developing familiarity with AI-supported programming in low-risk environments, establishing governance frameworks with data access controls and security measures, deploying AI agent capabilities strategically with increased autonomy for self-contained projects, and enhancing performance through monitoring systems and continuous training programs.",{"header":455,"content":456},"How do AI agents help government agencies modernize legacy systems?","AI agents enable cost-effective modernization by updating legacy applications that federal agencies have depended on for decades, reducing technical debt, remediating security vulnerabilities, and helping decommission obsolete systems. They can solve problems such as updating outdated programming languages like COBOL while maintaining mission-critical functionality.",{"header":458,"content":459},"What governance frameworks should agencies establish for AI agent deployment?","Agencies should develop comprehensive guidelines including data access controls, security measures, and quality benchmarks that support long-term success. This includes creating standards for data compatibility, standardizing data formats, and building procedures to manage security threats while ensuring agents function within agency compliance and mission-driven objectives.",{"header":461,"content":462},"How should agencies prepare developers for successful AI agent partnerships?","Agencies should encourage developers to strengthen analytical thinking, problem-solving skills, and creativity for effective AI partnerships. Continuous training programs emphasizing AI knowledge, prompt design, AI partnership methods, and effective system supervision are critical. Collaboration with AI represents a sophisticated skill that distinguishes developers in today's evolving work environment.","content:en-us:the-source:ai:ai-agents-for-government-a-4-step-guide.yml","en-us/the-source/ai/ai-agents-for-government-a-4-step-guide.yml","en-us/the-source/ai/ai-agents-for-government-a-4-step-guide",{"_path":467,"_dir":428,"_draft":6,"_partial":6,"_locale":7,"slug":468,"type":430,"category":428,"config":469,"seo":471,"content":476,"_id":500,"_type":28,"title":474,"_source":29,"_file":501,"_stem":502,"_extension":32,"description":475,"date":477,"timeToRead":478,"heroImage":473,"keyTakeaways":479,"articleBody":483,"faq":484},"/en-us/the-source/ai/transform-legacy-systems-faster-with-ai-automation-tools","transform-legacy-systems-faster-with-ai-automation-tools",{"layout":9,"template":432,"featured":6,"author":26,"sourceCTA":470,"isHighlighted":6,"authorName":11},"source-lp-enterprise-guide-to-agentic-ai",{"config":472,"ogImage":473,"title":474,"description":475},{"noIndex":6},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1757084642/vjyxm7kj6xehb8jt8smh.png","Update legacy systems faster with AI automation tools","Discover how artificial intelligence accelerates legacy system upgrades, reduces security risks, and streamlines development workflows.",{"title":474,"description":475,"date":477,"timeToRead":478,"heroImage":473,"keyTakeaways":479,"articleBody":483,"faq":484},"2025-09-18","4 min read",[480,481,482],"AI agents translate outdated code into modern languages, reducing manual developer effort and accelerating system upgrades.","Automated vulnerability detection and remediation helps organizations address security gaps in legacy applications more efficiently.","AI-assisted development enables teams to build new applications while modernizing existing systems simultaneously.","If your team is wasting time trying to understand and update 1990s code instead of building 2025 solutions, it might be time to have a conversation about codebase modernization. Luckily, AI can help.\n\nMany enterprise companies continue operating with outdated IT infrastructure built decades ago. These aging systems create security risks, introduce software defects, and slow down development cycles, preventing teams from meeting delivery deadlines.\n\nModernizing these systems requires significant time and budget investments. Organizations recognize the long-term benefits of infrastructure upgrades, but justifying immediate costs proves difficult when returns may not appear for several years.\n\nMemory-unsafe programming languages remain embedded within complex enterprise systems, creating ongoing security concerns. Research indicates that approximately 70% of security flaws stem from [outdated systems using memory-unsafe languages](https://media.defense.gov/2022/Nov/10/2003112742/-1/-1/0/CSI_SOFTWARE_MEMORY_SAFETY.PDF). Legacy code presents challenges for developers who must understand and convert it to contemporary memory-safe alternatives or updated application frameworks. Successfully migrating these systems requires developers with expertise across multiple programming languages.\n\nProactive [AI agents](https://about.gitlab.com/the-source/ai/how-ai-can-fix-governments-legacy-code-problem/) can assist development teams during modernization projects, enabling human developers to concentrate on strategic planning and building innovative customer solutions. Organizations can leverage AI for modernization through three primary approaches: explaining legacy programming languages, supporting new application development, and accelerating security issue resolution.\n\n## Explaining and updating legacy code\nStandard refactoring methods include inline refactoring, which restructures outdated code components, and abstraction, which eliminates duplicate code. These traditional methods require substantial time, experienced developers knowledgeable in outdated languages, and comprehensive testing to ensure their effectiveness.\n\nJunior development teams typically lack sufficient knowledge and background in the legacy languages found in existing codebases. This makes understanding legacy source code an overwhelming and lengthy process. AI agents can streamline this process by converting existing code into natural language and then creating updated code using memory-safe languages for review and testing by human developers.\n\nThe new code can then operate on cloud infrastructure using microservices or other available compute resources. This approach allows modernized code to deliver identical functionality with improved efficiency and security, plus enhanced scalability and faster response times.\n\n## Supporting new application development\nIn addition to modernizing existing code, AI can help create new applications based on specific requirements or business functions. Development teams can provide requirements using natural language descriptions, and AI can then generate frameworks and code components that support those needs, sometimes even writing substantial portions of applications using modern architectures.\n\nAI can also aid collaboration among development professionals by summarizing feedback within code reviews, identifying potential integration problems, and tracking compliance requirements, making communication smoother across distributed development organizations.\n\n## Accelerating security assessment and issue resolution\nSecurity responsibilities now extend beyond dedicated security professionals to include developers throughout the organization. Constant threats from malicious actors have grown substantially with AI-enhanced attack methods that exploit known weaknesses in legacy applications and aging infrastructure. Security teams must adopt AI tools to keep pace with these evolving threats.\n\nAI can analyze existing code for user behavioral patterns, conduct root cause investigations, automate security assessments, and apply fixes for identified vulnerabilities. This improves coordination between security professionals and developers, enabling them to recognize and address security issues independently and reducing security team workloads.\n\nThis partnership between AI, developers, and security professionals has the potential to allow organizations to respond more quickly to emerging threats and cut response times from days to hours.\n\n## Building for tomorrow\nAlthough the transition from legacy codebase maintenance to comprehensive modernization appears challenging, it represents an essential step for maintaining organizational security and preparing for the future. The bottom line is that development teams should focus their energy on delivering value to customers, not on supporting and maintaining outdated languages and frameworks. AI-powered code modernization helps teams optimize workflows, enhance performance, and encourage innovation while reducing operational expenses.\n\nModernizing legacy systems also eliminates entire categories of security vulnerabilities and strengthens protection across the technology landscape. AI will function as both an accelerator and a protector in this technological evolution.\n\nCompanies that embrace AI-driven modernization position themselves to compete more effectively while building stronger, more secure digital foundations for future growth and innovation.",[485,488,491,494,497],{"header":486,"content":487},"How does AI help explain and update legacy code for development teams?","AI agents streamline legacy code understanding by converting existing code into natural language explanations, then creating updated code using memory-safe languages for human review and testing. This approach helps junior developers who lack knowledge in outdated languages and accelerates the modernization process significantly.",{"header":489,"content":490},"What percentage of security flaws come from outdated legacy systems?","Research indicates that approximately 70% of security flaws stem from outdated systems using memory-unsafe programming languages. These legacy systems create ongoing security concerns and present challenges for developers who must convert them to contemporary memory-safe alternatives.",{"header":492,"content":493},"How can AI support new application development alongside legacy modernization?","AI can generate frameworks and code components based on natural language requirements, sometimes writing substantial portions of applications using modern architectures. AI also aids collaboration by summarizing code review feedback, identifying integration problems, and tracking compliance requirements across distributed development teams.",{"header":495,"content":496},"What are the three primary approaches for leveraging AI in modernization projects?","Organizations can leverage AI through three main approaches: explaining legacy programming languages and converting them to modern alternatives, supporting new application development with automated code generation, and accelerating security issue resolution through automated vulnerability detection and remediation.",{"header":498,"content":499},"How does AI-powered modernization impact security response times?","AI enables partnerships between developers and security professionals that can cut response times from days to hours. AI analyzes code for behavioral patterns, conducts root cause investigations, automates security assessments, and applies fixes for identified vulnerabilities, allowing faster responses to emerging threats.","content:en-us:the-source:ai:transform-legacy-systems-faster-with-ai-automation-tools.yml","en-us/the-source/ai/transform-legacy-systems-faster-with-ai-automation-tools.yml","en-us/the-source/ai/transform-legacy-systems-faster-with-ai-automation-tools",{"_path":504,"_dir":428,"_draft":6,"_partial":6,"_locale":7,"slug":505,"type":430,"category":428,"config":506,"seo":507,"content":512,"_id":532,"_type":28,"title":509,"_source":29,"_file":533,"_stem":534,"_extension":32,"description":510,"date":513,"timeToRead":441,"heroImage":511,"keyTakeaways":514,"articleBody":518,"faq":519},"/en-us/the-source/ai/how-ai-can-fix-governments-legacy-code-problem","how-ai-can-fix-governments-legacy-code-problem",{"layout":9,"template":432,"featured":6,"author":26,"sourceCTA":433,"isHighlighted":6,"authorName":11},{"config":508,"title":509,"ogTitle":509,"description":510,"ogDescription":510,"ogImage":511},{"noIndex":6},"How AI can fix government’s legacy code problem","Discover how AI-powered modernization tools can transform government's expensive legacy COBOL systems into secure, efficient infrastructure in months.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1753720940/display-the-source-how-ai-can-solve-the-federal-legacy-code-crisis-article-image-0818-1800x945-fy26_yrmbw4.png",{"title":509,"description":510,"date":513,"timeToRead":441,"heroImage":511,"keyTakeaways":514,"articleBody":518,"faq":519},"2025-07-29T00:00:00.000Z",[515,516,517],"Federal agencies spend hundreds of millions of dollars annually maintaining legacy systems, creating security risks and operational inefficiencies.","AI-powered refactoring tools can modernize legacy government code in months instead of years, translating outdated code into secure, compliant modern applications.","Modern AI-native DevSecOps platforms prevent future technical debt by building security and compliance into new code from day one, breaking the expensive maintenance cycle.","NASA uses AI to guide rovers on Mars, but federal agencies still run key operations on COBOL, a programming language older than the moon landing. \n\nCritical U.S. agencies like the Department of Health and Human Services, Social Security Administration, and Centers for Medicare and Medicaid Services depend on systems built with COBOL and other legacy languages. However, fewer and fewer programmers know how to work with this outdated code. \n\nThat means each year brings higher chances of major system breakdowns that could stop benefit payments, expose private citizen data, or create processing delays affecting millions of citizens.\n\nHowever, because modernizing legacy code can be such a daunting process, many agencies have delayed major upgrade projects, choosing instead to patch problems as they appear. This strategy has created technical debt that grows exponentially over time.\n\nWith mounting pressure to improve efficiency, the public sector has a chance to use AI for a critical purpose: system modernization. Agencies can use AI to expedite the [modernization of legacy applications](https://about.gitlab.com/the-source/security/why-legacy-code-is-a-security-risk-and-how-ai-can-help/) with memory-safe code, which was once a slow and challenging process.\n\nThe time to start modernization projects is now. AI-powered tools can turn what once took years into a faster path for agencies to eliminate their dependence on COBOL and other outdated languages.\n## Understanding code refactoring basics\nMoving away from COBOL begins with code refactoring — a method that enhances the design and stability of existing code, enabling the secure modernization of legacy code without altering its functionality.\n\nTraditional refactoring methods include inline refactoring, which restructures outdated elements of code, and abstraction, which eliminates repeated code. However, these methods require a significant amount of time, skilled developers who understand legacy languages, and thorough testing to function properly.\n\nWhile federal agencies recognize that modernization is necessary in the long term, it's challenging to justify spending resources now when the benefits may not be realized for years.\n## Using AI for code modernization\nAI makes the refactoring process achievable. Developers across all industries are adopting this approach: [GitLab research](https://about.gitlab.com/developer-survey/2024/ai/) found that 34% of organizations already use AI in their software development lifecycle, including for code modernization.\n\nAI tools handle the heavy lifting in refactoring, such as understanding complex legacy code and creating modern code that works the same way. For developers with limited COBOL knowledge, these tools work like translators between old and new programming methods.\n\nAfter modernizing the code, AI can further improve it by identifying security vulnerabilities, recommending optimizations, and automatically running comprehensive testing. For government agencies with stringent security and compliance requirements, this automated hardening of codebases eliminates a major modernization barrier, reducing the modernization timeline from years to months.\n## Building software for tomorrow\nWhile addressing the challenges associated with legacy code is important, forward-thinking government agencies must also adopt modern development practices that avoid creating future technical debt. A [DevSecOps platform](https://about.gitlab.com/platform/) lets developers quickly build software with AI help and security built into every line of code.\n\nWith a comprehensive platform, AI works as both a speed booster and protector. Tools like [AI-powered code suggestions](https://about.gitlab.com/solutions/code-suggestions/) can incorporate federal compliance rules and generate secure, optimized code that meets government standards from day one. Meanwhile, vulnerability scanning finds and fixes potential security issues before deployment. This shift allows developers to focus on high-value work that requires human skills instead of routine coding tasks.\n\nThe collaborative aspects of AI go beyond code creation to improve team collaboration. By summarizing code review comments, identifying potential integration problems, and tracking compliance requirements, AI tools streamline communication between distributed development teams.\n\nIn addition, security becomes an ongoing, integrated process instead of a checkpoint at project completion. [AI-powered vulnerability detection](https://about.gitlab.com/the-source/ai/understand-and-resolve-vulnerabilities-with-ai-powered-gitlab-duo/) doesn't just find risks faster — it explains them in the context of federal security requirements, suggests specific fixes, and learns from each project to improve future development.\n\nThe federal government has made real progress using technology to serve citizens and protect national security. By embracing AI-powered modernization for both legacy systems and new development, agencies can break free from the expensive cycle of managing old technical debt while building more responsive, secure, and adaptable digital infrastructure.",[520,523,526,529],{"header":521,"content":522},"How long does AI-powered code modernization take compared to traditional methods?","AI-powered refactoring tools can modernize legacy government code in months instead of years. Traditional modernization projects often take years to show benefits, while AI tools accelerate the timeline by automatically handling complex code translation and testing processes.",{"header":524,"content":525},"Which government agencies rely most heavily on legacy COBOL systems?","Critical agencies including the Department of Health and Human Services, Social Security Administration, and Centers for Medicare and Medicaid Services depend on COBOL and other legacy systems. These systems handle operations affecting millions of citizens, from benefit payments to healthcare data processing.",{"header":527,"content":528},"What security risks do legacy government systems create?","Legacy systems represent an expanding attack surface with higher chances of major breakdowns each year. These vulnerabilities could stop benefit payments, expose private citizen data, or create processing delays affecting millions of Americans.",{"header":530,"content":531},"How does DevSecOps prevent future technical debt in government development?","AI-native DevSecOps platforms build security and compliance into new code from day one, incorporating federal compliance rules automatically. This approach prevents the accumulation of technical debt by creating secure, optimized code that meets government standards during initial development.","content:en-us:the-source:ai:how-ai-can-fix-governments-legacy-code-problem.yml","en-us/the-source/ai/how-ai-can-fix-governments-legacy-code-problem.yml","en-us/the-source/ai/how-ai-can-fix-governments-legacy-code-problem",{"_path":536,"_dir":428,"_draft":6,"_partial":6,"_locale":7,"slug":537,"type":430,"category":428,"config":538,"seo":540,"content":544,"_id":568,"_type":28,"title":545,"_source":29,"_file":569,"_stem":570,"_extension":32,"description":542,"date":546,"timeToRead":441,"keyTakeaways":547,"articleBody":551,"faq":552,"heroImage":543},"/en-us/the-source/ai/self-hosted-ai-balance-innovation-and-security-in-government","self-hosted-ai-balance-innovation-and-security-in-government",{"layout":9,"template":432,"featured":327,"author":26,"sourceCTA":539,"isHighlighted":6,"authorName":11},"source-lp-ai-for-air-gapped-environments",{"title":541,"description":542,"ogImage":543},"Self-hosted AI: Balance innovation & security in government","Discover how self-hosted models enable federal agencies to leverage artificial intelligence while maintaining strict security and compliance standards.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1752687563/vda4ouljcsv1z63bvs2p.png",{"title":545,"description":542,"date":546,"timeToRead":441,"keyTakeaways":547,"articleBody":551,"faq":552,"heroImage":543},"Self-hosted AI: Balance innovation and security in government","2025-07-22T00:00:00.000Z",[548,549,550],"Self-hosted models allow federal agencies to use artificial intelligence while keeping sensitive data within secure, controlled environments that meet strict compliance requirements.","Government organizations gain better security, cost control, and custom solutions by running AI models on their own infrastructure rather than using cloud-based services.","Military branches like the Army, Air Force, and Defense Information Systems Agency are already deploying self-hosted AI tools for mission-critical operations.","Government agencies face strict rules that prevent them from using cloud technology for software development. This blocks their access to AI's transformative potential because most advanced AI solutions run in the cloud. The risks of sending data outside their networks and losing control over AI environments force them to find a more secure path.\n\nDespite these challenges, ignoring AI entirely isn't realistic. Agencies must integrate AI into software development to support [efficient software modernization](https://about.gitlab.com/the-source/ai/reducing-software-development-complexity-with-ai/). But how can they use AI tools to enhance productivity, improve security, and drive innovation without exposing themselves to the risks associated with cloud-based AI solutions?\n\nSelf-hosted AI models provide a strategic solution. By running and managing large language models (LLMs) and other advanced AI capabilities within their own secure infrastructure, whether in on-premises data centers or private cloud environments, agencies gain the control needed to leverage AI while maintaining strict compliance standards and advancing mission-critical applications.\n\n## Key benefits of a self-hosted AI strategy\n\nAfter working with federal agency tech leaders for many years, I understand that a statement like \"Let's just host it ourselves\" might raise some eyebrows. It's not always straightforward, especially with a technology as new as AI. However, evidence suggests that federal agencies and defense organizations are ready for a different approach.\n\nFor example, [the Pentagon is actively working on a \"fast pass\" approach](https://federalnewsnetwork.com/defense-news/2025/04/pentagon-to-establish-secure-software-assurance-program/) to securing software components, aiming to onboard approved software more quickly by using existing standards such as [Software Bill of Materials (SBOM)](https://about.gitlab.com/the-source/security/guide-to-dynamic-sboms/), the NIST Secure Software Development Framework (SSDF), and other common attestation methods and [risk assessments](https://about.gitlab.com/the-source/security/embedding-risk-intelligence-into-your-software-supply-chain/).\n\nMeanwhile, the House Oversight and Government Reform Committee has been exploring ways to use IT modernization to enhance efficiency. And there's a broad groundswell of interest in finding ways to leverage AI in government.\n\nHere are several examples from the U.S. military:\n\n- The Defense Information Systems Agency is developing a [new data strategy](https://www.linkedin.com/pulse/disa-outlines-blueprint-new-data-strategy-u4jfc/?trackingId=hNpbXWugSH%2BukncYhngytA%3D%3D) that integrates data, analytics, and AI into all aspects of defense operations through a secure, self-hosted platform.\n- The Army is building [two new self-hosted AI tools](https://www.army.mil/article/283601/enhancing_military_operational_effectiveness_through_the_integration_of_camo_and_nipr_gpt), CamoGPT and NIPR GPT, to support predictive maintenance, analysis of adversaries' communications, logistics optimization, and evaluation of different proposed courses of action.\n- The Air Force Research Lab is developing an open-source platform, the [Air and Space Force Cognitive Engine](https://afresearchlab.com/technology/air-and-space-force-cognitive-engine/), a flexible, single IT platform for operationalizing AI within the Air Force.\n\nGovernment organizations see clear advantages when they host LLMs within their own secure infrastructure:\n- **Data sovereignty**: When working with sensitive national security information, the risks of external data processing and limited control over AI environments demand a more secure approach that keeps critical data within protected boundaries. Self-hosted environments ensure that level of security.\n- **Regulatory compliance**: Federal agencies must adhere to complex regulatory frameworks, including the Federal Risk and Authorization Management Program (FedRAMP), International Traffic in Arms Regulation (ITAR), Federal Information Security Modernization Act (FISMA), and agency-specific mandates. Self-hosted environments provide the detailed control necessary to implement specific security controls, audit trails, and governance frameworks that meet these strict requirements.\n- **Better security**: Self-hosted models dramatically reduce potential attack vectors by removing dependencies on external APIs and third-party infrastructure. Agencies maintain complete control over access management, network segmentation, and vulnerability patching within their AI systems.\n- **Custom solutions**: Unlike standard cloud solutions, agencies can choose from a list of supported AI models using specialized datasets tailored to their unique use cases and environments. This enables the development of more effective, purpose-built AI solutions that directly support mission objectives, whether by enhancing intelligence analysis, optimizing resources, or strengthening cybersecurity. This customization also facilitates [integration with legacy systems](https://about.gitlab.com/the-source/security/why-legacy-code-is-a-security-risk-and-how-ai-can-help/), a common challenge in the public sector.\n- **Cost control**: While the initial setup requires an investment in infrastructure and expertise, self-hosted AI models can provide more predictable long-term cost structures compared to variable subscription-based cloud models. This approach offers greater flexibility for large-scale deployments, leveraging existing infrastructure and personnel. Plus, self-hosted AI can offer a secure environment for modernizing legacy systems while maintaining direct oversight of sensitive code.\n\n## Fostering innovation within a trusted framework\n\nRunning AI in a secure, self-hosted environment supports innovation within a foundation of trust and control. Agencies can adopt open-source AI advances while maintaining security, compliance, and performance standards. This flexibility allows government developers and data scientists to build critical applications with security and compliance as foundational principles rather than afterthoughts.\n\nThe examples above clearly demonstrate that the U.S. government — particularly the Department of Defense — is serious about embracing the potential of AI to make their work more effective, efficient, and innovative. This movement is already well underway.\n\nFor federal agencies, integrating self-hosted AI models into software development workflows is essential for managing the complex web of security regulations while fostering innovation. Self-hosting allows AI to reach its full potential throughout the software development lifecycle. This enhances operational effectiveness, strengthens security, and accelerates the creation of more intelligent applications to safeguard national interests in an increasingly complex digital environment.",[553,556,559,562,565],{"header":554,"content":555},"What is self-hosted AI and how does it work for government agencies?","Self-hosted AI involves running large language models and AI capabilities within an agency's own secure infrastructure, either on-premises or in private cloud environments. This approach allows agencies to leverage AI tools while maintaining complete control over sensitive data and meeting strict compliance requirements.",{"header":557,"content":558},"Which military branches are currently using self-hosted AI tools?","The Army is building CamoGPT and NIPR GPT for predictive maintenance and logistics optimization. The Air Force Research Lab is developing the Air and Space Force Cognitive Engine platform. The Defense Information Systems Agency is integrating AI into defense operations via secure, self-hosted platforms.",{"header":560,"content":561},"What compliance standards must government self-hosted AI meet?","Government self-hosted AI must comply with FedRAMP, ITAR, FISMA, and agency-specific mandates. Self-hosted environments provide the detailed control needed for specific security controls, audit trails, and governance frameworks that meet these strict regulatory requirements.",{"header":563,"content":564},"How does self-hosted AI reduce security risks compared to cloud-based solutions?","Self-hosted AI dramatically reduces attack vectors by eliminating dependencies on external APIs and third-party infrastructure. Agencies maintain complete control over access management, network segmentation, and vulnerability patching within their AI systems, keeping sensitive data within protected boundaries.",{"header":566,"content":567},"What are the cost advantages of self-hosted AI for government agencies?","Self-hosted AI provides more predictable long-term cost structures compared to variable subscription-based cloud models. While requiring initial infrastructure investment, this approach offers greater flexibility for large-scale deployments and leverages existing government infrastructure and personnel resources.","content:en-us:the-source:ai:self-hosted-ai-balance-innovation-and-security-in-government.yml","en-us/the-source/ai/self-hosted-ai-balance-innovation-and-security-in-government.yml","en-us/the-source/ai/self-hosted-ai-balance-innovation-and-security-in-government",[426,466,503,535],1759347851805]