AI-Ready Defense Data: Salesforce's Peter Lington on MDM, API Orchestration, MuleSoft, and MOSA

Preparing defense data for AI-driven operations: Peter Lington's blueprint for the next 3-5 years

Dec 15, 2025 - Peter Lington, Area Vice President for the Department of War at Salesforce, laid out a clear path: data first, then AI. The next three to five years will favor teams that manage data like a product, expose legacy systems with APIs (think MuleSoft), and keep humans in the loop as agents take on repeatable work.

The rollout won't start at the edge. It will begin in back-office functions like HR and logistics, then move to operations as trust, data quality, and controls mature. The constant: clean, unified, accessible data.

Why data decides the next 36 months

• Decisions need to move at machine speed, but they're only as good as the data you feed them.
• Legacy systems won't disappear overnight. Expose them with APIs and standard contracts instead of full rewrites.
• Trust is earned: transparency, lineage, and auditability drive adoption across the force.

The foundation: build these capabilities now

• Master Data Management for people, units, assets, locations, suppliers. One golden record per entity.
• API orchestration: standardize access to HR, logistics, maintenance, and finance systems (MuleSoft or equivalent).
• Event and message streams for near-real-time updates across systems.
• Data contracts and a shared vocabulary to keep systems consistent.
• Catalog, lineage, and data quality rules with visible SLAs.
• Zero-trust access, attribute-based controls, and field-level masking.

Rollout plan: back office first, operations next

• Phase 1 - HR and logistics: personnel actions, leave, requisitions, inventory checks, slotting, parts availability, ticket triage.
• Phase 2 - Readiness and sustainment: predictive maintenance, spares optimization, training scheduling, funding alignment.
• Phase 3 - Operations with human oversight: planning assistance, COP updates, course-of-action comparison, alert summarization.

Agents + service members: how to share the work

• Define what the agent proposes vs. what a human approves (RASCI for each workflow).
• Keep every action auditable: prompts, data sources, outputs, and who approved.
• Use a sandbox to test changes against synthetic or historical data before production.
• Tune tasks, not models, where possible. Update prompts, tools, and policies without breaking the stack.

Key metrics for operations leaders

• Data quality: completeness, duplication, and timeliness by source.
• Time-to-data: from event to system-of-record update to downstream availability.
• API reliability: uptime, latency, and error budgets per domain.
• Cycle time: requisitions, ticket resolution, onboarding, parts delivery.
• Forecast accuracy: demand, maintenance, attrition, and readiness.
• Incident rate: issues traced to data mismatches or stale feeds.

Governance that keeps pace

• Product-based ownership: each data domain has an accountable owner and steward.
• Change windows with automated checks for schema, PII, and policy violations.
• Model and agent risk reviews mapped to the NIST AI Risk Management Framework.
• Red teaming for prompt injection, data leakage, and escalation paths.

Unlocking legacy systems with API-led integration

• Inventory every data source: owner, SLA, schema, and business criticality.
• Wrap legacy with reusable APIs and standardize on canonical models.
• Expose read-heavy endpoints first (search, status, availability), then write paths with strong guardrails.
• Plan decommission steps tied to measured reuse and stability, not dates.

MOSA where it counts

Use the Modular Open Systems Approach (MOSA) to keep data portable and interfaces consistent across platforms and vendors. That means clear interface control documents, versioning, and conformance tests that any system can pass.

For policy and guidance, see DoD's MOSA resources: ac.cto.mil/mosa.

30 / 60 / 90-day plan

• Day 30: Name data owners for HR, logistics, maintenance, and finance. Stand up a catalog. Pick two high-value use cases.
• Day 60: Publish API contracts for the two use cases. Turn on quality checks and lineage. Pilot an agent with human approval.
• Day 90: Expand to four sources. Add event streaming. Move the first agent to limited production with audit logging and rollback.

Risks to watch

• Stale or conflicting data across systems-of-record.
• Over-merged identities in MDM creating bad approvals or shipments.
• Access creep: agents with broader permissions than operators.
• Vendor lock-in without portable schemas and testable contracts.

What "good" looks like in 12 months

• Golden records for core entities with measurable quality SLAs.
• Reusable APIs powering 70%+ of new integrations.
• Faster cycles: requisitions and ticket resolution times cut by 25-40%.
• Predictive maintenance reducing unplanned downtime and rush orders.
• Audit-ready logs for every agent action, from prompt to approval.

Bottom line for operations leaders

Prioritize clean data, API access, and clear approval loops. Start in HR and logistics, prove value, then expand to operations once the data holds up under pressure.

If you're upskilling your team for these workflows, explore role-based programs at Complete AI Training - Courses by Job.