Insights

Can Investigators Use AI Without Breaking CJIS?

MF
CJIS Officer

The FBI's CJIS Security Policy mentions AI exactly once. Here is what that means for investigators using AI on case files, where public products like ChatGPT cross the line, and what a CJIS-grade alternative looks like.

The most recent version of the FBI’s CJIS (Criminal Justice Information Services) Security Policy, version 6.0.0, was published in December 2024. By that point, ChatGPT had been generally available for over two years. Yet “artificial intelligence” appears in the policy exactly once, and only in the context of using AI for malicious code detection.

The federal rulebook for handling criminal justice information mentions AI exactly one time. That single mention is about using AI to detect malicious code, not about detectives using AI on case files. The policy that governs CJI handling has not yet caught up to how investigators are actually using these tools today.

In the time since, many detectives have started turning to AI to help work through large amounts of digital evidence. Commercial AI tools designed specifically for investigations, like Longeye, have only recently become available. In the meantime, some investigators have reached for general-purpose products like ChatGPT, Claude, Meta AI, and Grok.

The obvious problem with that kind of early adoption is that the information detectives are feeding into public products is, by definition, criminal justice information. CJI is not classified the way military intelligence is, but it is extremely confidential. Think of it as sitting somewhere above credit card data (PCI) and personal health information (HIPAA), and below national security material. A disclosure can put witnesses and confidential informants at risk. Even the fact that an investigation exists can compromise it, prompting suspects to change their behavior or destroy evidence.

CJIS is a demanding standard that criminal justice agencies are required to follow, often without the staff or budget to follow it well. Smaller departments simply cannot afford a full-time compliance officer and the IT security posture that compliance requires. Compliance work can take a back seat to the need to close cases. The risk isn’t theoretical. Failing a CJIS audit can cost an agency access to national databases like NCIC (the National Crime Information Center). Officers who disclose CJI can face criminal and civil penalties.

It helps to remember that detectives are information workers, with the notable exception that they show up to work armed. They use computers. They get locked out of their accounts, including the FBI director on occasion. They organize files, search the web, and order from DoorDash. It is natural for a detective to be curious, even enthusiastic, about using AI to draft a police report, search a 100,000-page warrant return, work through a cell tower dump, transcribe an interview, or do any of the other tasks that consume their week. The security and accuracy stakes, though, are much higher than in typical office work.

Basic Security for CJI

Any system that processes CJI, AI or not, has to secure it from unauthorized access. CJIS spends hundreds of pages on the details: authentication, access control, least privilege, encryption at rest and in transit, key management, firewalls, intrusion detection, incident response, and everything else the FBI could think of in 2024. These are table stakes for any software provider that works with criminal justice agencies.

AI Concerns Not Directly Covered by CJIS

Across the criminal justice agencies we work with, two AI-specific concerns come up again and again. The first is the security of CJI inside the model itself, meaning who has access to the AI’s entry and exit points and to its internal state. The second is the risk that CJI could end up in training data and become embedded in future public models.

Exposing public AI products to CJI practically guarantees that the information is disclosed to unauthorized personnel at the provider, and that it can leak into future training sets. Even the prompts a detective enters can themselves be CJI.

A prompt like "Find instances in the evidence where suspect [name] encountered victim [name] before [incident]" is itself CJI. The names, the relationship, and the fact that an investigation is open are all sensitive. Type that into a public AI tool and you have disclosed an active investigation to a third party.

To avoid all of this, Longeye runs AI models in a secure environment where model providers have no visibility into the data or the prompts, and where no data can flow back to the provider. We use Amazon Bedrock to run commercial and open-source models. We also run specialized models on Amazon-hosted GPUs for cases like speech-to-text and image analysis. Customer data belongs to the customer. It is not used to train or update models, and there is no path for it to flow back to the model providers for training under any circumstance.

Hallucinations

The current CJIS policy was written before hallucinations became a recognized concern in AI. The horror stories are easy to find. Lawyers who used AI to prepare briefs and discovered, in front of a very angry judge, that the citations were fabricated. It has happened in high-profile cases brought by the Department of Justice itself.

An imagined fact in a police report is not a typo. It can wreck a case at trial, and if the defense never catches it, it can contribute to a miscarriage of justice. The AI tool an investigator chooses has to be incapable of inventing evidence.

An investigator cannot afford imagined facts in a report. A hallucination could wreck a case at trial or, if the defense never catches it, contribute to a miscarriage of justice.

Longeye protects against this by always grounding its answers in the original evidence. When the system surfaces a relevant detail, summarizes a document, or helps draft a report, it cites the source it came from. If a claim cannot be traced back to a real file, Longeye will not make it.

Evaluating AI for your agency?

If CJIS posture, training-data exposure, and hallucination risk are on your checklist, we can walk you through how Longeye handles each one and sign a CJIS Security Addendum at onboarding.

Talk to us