Request for Information -AI Cyber Defense for Commercial Internet

Questions & Answers / Clarifications

This document provides responses to vendor questions regarding an opportunity, dated May 1, 2026.

• Existing Capability: The effort is not intended to support an existing capability or incumbent solution.
• Current Tools: The government currently uses MDE, Cisco Firewall, and Active Directory for endpoint, network, and identity layers.
• Scale: The expected coverage is approximately 500 users and 500 endpoints, supporting Windows, Mac, and Linux operating systems.
• Integration: Integration is expected with existing systems like endpoint protection, SIEM, and identity services, specifically Microsoft Defender Endpoint and Active Directory.
• Operational Model: The desired model is automated with human interaction to ensure the capability augments an existing SOC or is delivered as a managed service.
• Key Outcomes: The goal is to use AI to protect the command's commercial internet, referred to as "dirty internet."
• FEDRAMP SaaS: FEDRAMP High SaaS solutions are an option, provided they can function on the commercial "dirty internet" network.

These clarifications provide specific details on the technical environment, operational requirements, and acceptable solution types, which may influence bidder proposals.

Request for Information (RFI)

This RFI is issued by the U.S. Special Operations Command (USSOCOM), J6, to gather information on Artificial Intelligence (AI) driven cybersecurity solutions for use on its commercial internet service. The goal is to enhance the defensive posture of USSOCOM's commercial internet by identifying solutions capable of real-time threat detection, behavioral analytics, automated incident response, and continuous learning.

The government is seeking solutions that meet the following minimum technical requirements:

• On-prem or hybrid deployment with integration into existing security stacks.
• Protection for Windows, Linux, and Mac operating systems.
• Policy enforcement capabilities (blocking, step-up verification, session restriction).
• Logging and auditing.
• Enhanced detection for exfiltration, unauthorized access, and anomalous file activity.
• Adherence to Zero Trust cybersecurity principles.
• Real-Time Web Filtering for malicious websites and phishing sites.
• Predictive Threat Intelligence for identifying and blocking new malicious domains/URLs.
• Encrypted Traffic Analysis (e.g., TLS 1.3) without compromising data privacy.
• Advanced Anti-Phishing and Social Engineering Prevention.
• Behavioral Baselining for users and entities on the network.
• Anomaly Detection for insider threats and compromised credentials.
• Risk Scoring for anomalous activities.
• Data Discovery and Classification (e.g., CUI).
• Data Loss Prevention (DLP) to monitor and prevent unauthorized exfiltration.
• AI Governance for visibility and control over internal/external AI tool usage.

This RFI is for planning purposes only and is not an invitation for bid, request for proposal, or an obligation to acquire products or services. Responses will be treated as information only, and no payment will be made for costs incurred in responding. The government does not intend to award a contract based on this RFI, and there are no guarantees of a follow-on contract.

Responses should indicate if purchase can be made through NASA SEWP, GSA, FedBizOpps, or other Government Contract/BPA. Responses must not exceed a five-page info paper or a 15-slide PowerPoint presentation. Price quotes are not requested. Interested parties must provide their firm's name, address, POC, phone/fax number, and email address. Responses will be viewed by both Government and non-Government employees. If an NDA is required, it must be submitted with the response.

Not applicable for this RFI.

All responses must be submitted via email to Kristen.colyer@socom.mil. All communication must be conducted via email.