A Nextgov essay recently warned that federal agencies are rushing into AI without cleaning house first—that years of governance debt, broken permissions, and abandoned knowledge management practices are setting up a security and quality crisis. The piece raised a legitimate concern about SharePoint access controls and sensitive files surfacing where they shouldn’t. But it also reflected something we hear in nearly every conversation with government customers, an assumption so widespread it has become a kind of conventional wisdom: that data needs to be cleaned up, organized, and governed before AI can do anything useful. We think that framing gets it exactly backwards, and a moment from a recent training workshop is a good illustration of why.
Suzanne: We were running a training workshop for a group of government users, teaching them how to use our AI by working with their actual data. One of the participants had his spreadsheet open on his laptop so he could fact-check the AI’s answers in real time—he wanted to see how reliable it was. He’d suggest a question, we’d put it to the AI, and he’d check the answer against what he knew. At one point he suggested a question and then immediately regretted it. The fields in his spreadsheet weren’t structured data in any conventional sense—they were free text, notes and descriptions typed into cells, the kind of information that doesn’t lend itself to formulas or pivot tables. He said he shouldn’t have asked that, because even his own pivot table couldn’t have handled it—the data wasn’t clean enough. But the AI did handle it. It read the text inside those fields, parsed the meaning, and then aggregated and analyzed across the full dataset. He said nothing he’d tried before could do that with his data.
That reaction captures something important about where the federal AI conversation has gone wrong. When government leaders say their data is messy, they almost never mean it’s wrong. They mean it doesn’t look the way traditional analytics expects it to look. The information they rely on lives in PowerPoint decks that hold an entire program’s status history, in PDFs that serve as the authoritative source documents, in email threads where decisions were actually made, in spreadsheets where someone typed notes into a column instead of using a dropdown. It lives in SharePoint sites and shared drives and legacy systems that don’t talk to each other. None of this is dirty data. It’s the natural state of how organizations create and store information, and it’s been accumulating for decades. If you’re waiting for it to become clean and structured before you deploy AI, you are waiting for a day that is never going to arrive.
The irony is that unstructured data is precisely what modern AI was designed to handle. The entire value proposition of large language models and retrieval-augmented generation is that they can read, interpret, and reason over information that no traditional system could parse—the text inside a spreadsheet cell, the narrative buried in a PDF appendix, the context scattered across a hundred slides. If the data were already clean and sitting in a relational database, you wouldn’t need AI; you’d just need a decent query tool.
That said, you can’t just point a language model at a pile of PowerPoints and expect answers you’d bet your program on. What the man in the workshop was reacting to wasn’t magic—it was tooling. At CORAS, we pair a natural language processing engine with large language models that use code to work with unstructured data programmatically. The NLP layer parses and structures what’s inside those documents and spreadsheets; the LLM reasons over it through code execution rather than just generating text. That combination is what produces repeatable results—not a model taking its best guess, but a pipeline that can reliably extract, cross-reference, and analyze information the same way every time. The other AI tools he’d tried couldn’t handle it because they were pure language models trying to do something that requires engineering underneath. The difference isn’t the model; it’s the infrastructure around it.
But even the right tooling doesn’t help much if you’re trying to solve the whole problem at once. The mistake I see most often with government customers isn’t a lack of data readiness—it’s a lack of focus. Someone decides the organization needs AI, and the next step is a multi-year data governance initiative to get everything in order before anyone is allowed to use it. Meanwhile, the people doing the actual work—the analysts, the program managers, the logistics specialists—are still manually digging through hundreds of pages of documentation to answer a question that AI could handle in seconds. The governance initiative becomes the reason nobody gets help.
What works, in our experience, is the opposite: start with a single use case that matters to real people, and deliver a win fast enough that the value is undeniable. We think of it as crawl, walk, run. Crawl means finding a specific pain point—something concrete that someone is struggling with today—and solving it with a small group of people who are already willing to try. The goal is to produce a result in days, not months: an answer that used to require hours of digging through PDFs and slide decks, a status check that meant pulling from five different systems, a summary that nobody had time to write. Walk means expanding outward once those early users are bought in, adding structure around the quick wins, connecting additional data sources, letting the people who saw value first become the advocates for everyone else. Run means you’ve earned the right to talk about predictive analytics and executive dashboards and mission-level intelligence—not because you started there, but because you built a foundation of demonstrated value that makes the bigger conversation possible.
Adeline: The European version of the “we’re not ready” argument follows a similar pattern, though it tends to be even more procedurally entrenched. At the European Parliament, I’ve watched the readiness conversation consume months of institutional energy: leadership acknowledges AI’s potential, a working group is convened, and the discussion migrates from “can we use this tool” to “who owns the data,” “how is it classified,” “what’s the retention policy.” By the time those questions are resolved—if they ever are—the original use case has either lost its urgency or its champion has moved on to a new posting.
I’ve observed a more instructive model at the ESM. Rather than treating governance as a prerequisite for adoption, the ESM has moved on both tracks simultaneously, piloting tools and building institutional knowledge while defining strategy and guardrails in parallel. That approach reflects a more realistic understanding of how readiness actually works.
The irony is that the EU arguably has a head start on the governance side. GDPR forced European institutions to think seriously about data classification, purpose limitation, and access controls years before most American agencies started that conversation. But all that governance maturity hasn’t uniformly translated into faster AI adoption—if anything, it has raised the threshold for what “ready” means in many quarters. A persistent misconception remains: that data must be structured, clean, and perfectly catalogued before AI can deliver value. In practice, some of the most useful AI applications work precisely on the messy, unstructured information that institutions already have in abundance. The lesson is that governance and adoption have to move in parallel rather than in sequence—because the governance work never reaches a natural stopping point, and waiting for it to do so is itself a choice with real costs.
Suzanne: There’s a real cost to the delay, and it compounds. In US agencies, headcount has been cut and the work hasn’t gone away, and the people who remain don’t have the luxury of waiting for a readiness initiative to conclude before they get help. They need tools that work with the data as it exists—in the PowerPoints and PDFs and text-filled spreadsheets where it already lives. The “clean your data first” framing sounds like prudence, but in practice it becomes permission to defer indefinitely, and the data doesn’t improve while you deliberate. It gets worse, because the unstructured pile grows with every report filed, every deck updated, every departing colleague who takes institutional knowledge with them.
Fix your permissions—that’s a legitimate security concern that deserves attention whether or not AI is in the picture. But don’t confuse access governance with data readiness, and don’t let the pursuit of a perfectly organized information environment keep you from helping the people who need help now. Find a use case that matters, start with people who are ready, deliver something they can point to, and build from there. The man with the spreadsheet was sure his data was too messy. It wasn’t. It was just waiting for the right tools to make sense of it.
Suzanne writes from the US. Adeline writes from the EU. Neither waited for clean data to start.