The FBI's CJIS Security Policy mentions AI exactly once. Here is what that means for investigators using AI on case files, where public products like ChatGPT cross the line, and what a CJIS-grade alternative looks like.
The most recent version of the FBI’s CJIS (Criminal Justice Information Services) Security Policy, version 6.0.0, was published in December 2024. By that point, ChatGPT had been generally available for over two years. Yet “artificial intelligence” appears in the policy exactly once, and only in the context of using AI for malicious code detection.
In the time since, many detectives have started turning to AI to help work through large amounts of digital evidence. Commercial AI tools designed specifically for investigations, like Longeye, have only recently become available. In the meantime, some investigators have reached for general-purpose products like ChatGPT, Claude, Meta AI, and Grok.
The obvious problem with that kind of early adoption is that the information detectives are feeding into public products is, by definition, criminal justice information. CJI is not classified the way military intelligence is, but it is extremely confidential. Think of it as sitting somewhere above credit card data (PCI) and personal health information (HIPAA), and below national security material. A disclosure can put witnesses and confidential informants at risk. Even the fact that an investigation exists can compromise it, prompting suspects to change their behavior or destroy evidence.
CJIS is a demanding standard that criminal justice agencies are required to follow, often without the staff or budget to follow it well. Smaller departments simply cannot afford a full-time compliance officer and the IT security posture that compliance requires. Compliance work can take a back seat to the need to close cases. The risk isn’t theoretical. Failing a CJIS audit can cost an agency access to national databases like NCIC (the National Crime Information Center). Officers who disclose CJI can face criminal and civil penalties.
It helps to remember that detectives are information workers, with the notable exception that they show up to work armed. They use computers. They get locked out of their accounts, including the FBI director on occasion. They organize files, search the web, and order from DoorDash. It is natural for a detective to be curious, even enthusiastic, about using AI to draft a police report, search a 100,000-page warrant return, work through a cell tower dump, transcribe an interview, or do any of the other tasks that consume their week. The security and accuracy stakes, though, are much higher than in typical office work.
Any system that processes CJI, AI or not, has to secure it from unauthorized access. CJIS spends hundreds of pages on the details: authentication, access control, least privilege, encryption at rest and in transit, key management, firewalls, intrusion detection, incident response, and everything else the FBI could think of in 2024. These are table stakes for any software provider that works with criminal justice agencies.
Across the criminal justice agencies we work with, two AI-specific concerns come up again and again. The first is the security of CJI inside the model itself, meaning who has access to the AI’s entry and exit points and to its internal state. The second is the risk that CJI could end up in training data and become embedded in future public models.
Exposing public AI products to CJI practically guarantees that the information is disclosed to unauthorized personnel at the provider, and that it can leak into future training sets. Even the prompts a detective enters can themselves be CJI.
To avoid all of this, Longeye runs AI models in a secure environment where model providers have no visibility into the data or the prompts, and where no data can flow back to the provider. We use Amazon Bedrock to run commercial and open-source models. We also run specialized models on Amazon-hosted GPUs for cases like speech-to-text and image analysis. Customer data belongs to the customer. It is not used to train or update models, and there is no path for it to flow back to the model providers for training under any circumstance.
The current CJIS policy was written before hallucinations became a recognized concern in AI. The horror stories are easy to find. Lawyers who used AI to prepare briefs and discovered, in front of a very angry judge, that the citations were fabricated. It has happened in high-profile cases brought by the Department of Justice itself.
An investigator cannot afford imagined facts in a report. A hallucination could wreck a case at trial or, if the defense never catches it, contribute to a miscarriage of justice.
Longeye protects against this by always grounding its answers in the original evidence. When the system surfaces a relevant detail, summarizes a document, or helps draft a report, it cites the source it came from. If a claim cannot be traced back to a real file, Longeye will not make it.
If CJIS posture, training-data exposure, and hallucination risk are on your checklist, we can walk you through how Longeye handles each one and sign a CJIS Security Addendum at onboarding.
Talk to us