The Secure and Accountable Military AI Act would also require congressional approval for autonomous weapons and impose a 72-hour incident-reporting requirement on defense AI contractors.

Sen. Kirsten Gillibrand (D-NY) introduced S. 4656, the Secure and Accountable Military AI Act of 2026. The bill sets comprehensive limits on how the Department of Defense (DoD) may use AI, covering nuclear weapons, domestic surveillance, autonomous weapons, and security incidents at defense AI contractors.

Three uses of AI would be banned outright

1. No AI may be used to select targets for nuclear weapons or to execute a launch.
2. No AI may be used to track, score, or build surveillance profiles on Americans inside the United States, except where that activity is expressly authorized by federal law and supported by documented legal grounds.
3. No fully autonomous weapons may be developed or deployed. Autonomous weapons are systems that select and engage targets without human input. Exceptions require a separate act of Congress.

High-consequence AI: who approves it

The bill creates a “high-consequence” AI designation. The Secretary of Defense must establish an approval process for systems in that category within 180 days of enactment. The high-consequence category covers AI used in lethal targeting decisions, cyber operations that could affect systems outside the Pentagon’s own networks, AI used to track or build profiles on people inside the United States, and autonomous weapon systems.

A senior Defense Department official must sign off before deploying a high-consequence system. That sign-off requires the system to complete realistic testing, legal review, documentation of known failure risks, operator training, and post-deployment monitoring plans. Congress would receive 15 days’ advance notice before the first operational deployment of any high-consequence system, with a 48-hour exception available for extraordinary national security circumstances.

A human must be accountable

For every approved high-consequence AI application, the bill requires assigning a human decision-maker or chain of decision-makers with the authority to pause, override, or shut down the system. AI may assist with analysis, prioritization, and recommendations. However, it may not replace human judgment in decisions involving the use of force or detention.

What defense contractors must report

Companies that develop or provide large-scale AI models to the Pentagon would be required to report incidents. Covered incidents fall into two categories with different timelines.

1. Security incidents would require an initial report within 72 hours of discovery. These include theft or unauthorized access to the core data that defines how an AI model works (called model weights), foreign adversary intrusions, supply chain compromises, and tampering with training data.
2. Behavioral anomalies would require a report within 7 days. These include AI displaying unexpectedly dangerous capabilities, evading safety controls, or behaving deceptively in ways not previously disclosed to the DoD. The DoD must then notify the Senate and House Armed Services Committees within 7 days of receiving a contractor report.

Autonomous weapons would require congressional approval

For all autonomous weapons except missile interceptors and certain point-defense systems, the Secretary of Defense must petition Congress directly to employ automated AI systems. Congress would vote via joint resolution under expedited rules that cap debate at 10 hours and bar amendments. Any authorization would expire after three years.

S.4656 was referred to the Senate Armed Services Committee. The DoD already requires human judgment in lethal force decisions under an internal policy directive, but that policy has no force of law and can be revised administratively. The Gillibrand bill would make those requirements statutory.