North Carolina is Piloting AI Across State Government. The Public Can't See How — Yet.

State agencies across North Carolina are piloting artificial intelligence tools in their workflows. AI tools can scan thousands of images in minutes, draft documents, flag anomalies in data, and automate processes that once required hours of staff time. The state's AI Accelerator, established within NCDIT under Governor Stein's executive order, has received dozens of use-case proposals aimed at modernizing the government's legacy systems and tackling what some officials have described as a backlog of projects.

At the AI Accelerator council's kick-off meeting in October, I-Sah Hsieh, the state's first-ever Deputy Secretary for AI, told a room of nearly 30 public and private sector experts that the goal was to "come up with a strategy" to make North Carolina a national leader in AI governance — and acknowledged it wouldn't be perfect.

"This is almost a historical moment." I-Sah Hsieh, NC Deputy Secretary for AI

Months later, the public has not been made privy to the tools or use cases the state government is testing. And the council charged with preparing AI policy recommendations to the governor must do so under a federal framework that ties over $1 billion in broadband funding to its evaluation of the state's regulatory choices on AI.

Navigating Federal and State Lines

The Federal Executive Order on AI and the subsequent AI Action Plan places restrictions on states that thwart the pursuit of a national AI policy framework, making states with "onerous AI laws" ineligible for non-deployment BEAD funds.

North Carolina was approved for over $300 million allocated to the deployment of broadband connection to underserved areas. The state is also sitting on $1 billion of undisbursed BEAD funds, accessible contingent upon compliance to a yet-to-be-finalized federal framework.

"We want to be cautious that we don't impact that funding in any way." Teena Piccione, NCDIT Chief Information Officer

As mandated by that executive order, the Secretary of Commerce is to issue a Policy Notice establishing conditions for continued BEAD program eligibility by March 11, 2026.

The AI Accelerator itself has no dedicated funding. Chris Brittingham, Technology Policy Analyst in NCDIT's Office of AI & Policy, confirmed in an email that "there are no budget line or appropriations for the AI Accelerator." Prototyping efforts, he wrote, are "being supported by in-house tools and staff or by leveraging no cost efforts from vendors that have agreed to sign on to support the AI Accelerator."

After the prototyping phase, the responsibility for funding the implementation of those solutions falls to state agencies, confirmed Brandon Boone, Director of the Office of Strategic Communications at NCDIT, in an email.

"To maintain confidentiality during our evaluation phase, we are not disclosing vendor names," said Boone. "However, we intend to share this information alongside the use cases once they are published."

Procurement data hints at potential directions the state is moving in. NCDIT signed a $10.2 million contract with Carahsoft Technology Corporation in 2026 — almost 10× as much as the $1.3 million contract the year before, according to procurement data from NC Reports. Carahsoft, a major government IT reseller, distributes products from hundreds of technology vendors — including AI and cybersecurity tools — and often serves as a pass-through for other vendors' products.

Symantec, Infoblox, Gigamon, Cohesity, Palo Alto, and other cybersecurity-leaning products listed on the 204X contract show the state's increasing investment in data and consumer protections against the potential security risks that accompany AI integration. Most of those AI risk management tools, ironically, are AI-powered too.

"You have to register tools, and tools become injection points for risk." Bryan Harris, SAS Chief Technology Officer & council member

SBOM, or Software Bill of Materials, is a relatively new concept in supply chain risk management that describes the components that make up a tool or workflow. Those workflows are rarely built from scratch. Rather, they are typically assembled from existing components from multiple acquisition pathways and vendors — links in a chain that could be exploited by bad actors, or, as the recent Anthropic-Pentagon standoff has shown, labeled a supply chain risk by the federal government.

What the Public Gets to See

In a meeting in February, Hsieh said that NCDIT has received 47 use-case submissions across all agencies, 23 of which have been put on hold because they either do not have the right data or do not introduce a solution to a business problem state agencies have.

Hsieh referenced a fishery-health use case submitted by the DEQ, where a human scanning a single photograph takes two minutes. "They use AI to be able to scan 9,000 images in two minutes."

Leadership has partnered with 23 graduate students to conduct research on AI. Only members of the council are allowed to unmute and speak in the public meetings, which typically occur weekly and are posted on the Secretary of State calendar.

"We will be maintaining a list of high-risk use cases that come through the AI Accelerator on the AI Accelerator webpage, however we have currently only been working with low-risk use cases in the AI Accelerator," stated Chris Brittingham via email. "Once we begin seeing high-risk use cases in the AI Accelerator, these will be published on our webpage for public access."

A use case that uses publicly available data is considered "low-risk." Once the initiative advances to phase 2, it will pilot "high-risk" use cases with synthetic data provided by the Enterprise Data Office in lieu of the public data used currently in phase 1. The department has not explained the reasoning for their decision to not share low-risk use cases. For now, that curtain remains drawn.

"Our primary focus remains on publishing high-risk use cases. We believe transparency in these critical scenarios significantly impacts residents' lives." Brandon Boone, NCDIT Director of Strategic Communications