In a recent USPTO Hour webinar that served as a valedictory address, departing Chief Information Officer (CIO) Jamie Holcombe provided a detailed look at the agency’s information technology strategy. Flanked by other leaders from the Office of the Chief Information Officer (OCIO), Holcombe outlined a vision centered on aggressive modernization, robust cybersecurity, and a pragmatic embrace of artificial intelligence.

For patent attorneys, IP owners, and inventors who rely on the agency's infrastructure, the discussion offered a noteworthy roadmap of future interactions with the USPTO and the principles guiding its technological direction.

Holcombe, who is retiring from public service after five and a half years at the helm, framed the OCIO’s work not as a support function, but as a core component of the USPTO's mission to award patents and register trademarks. With a workforce of nearly 500 federal employees and over 1,600 contractors managing a budget approaching $700 million, the scale of the IT operation is immense. Holcombe’s guiding philosophy, which he dubbed the "ABCs," is to "Act now, be bold, and create results."

This philosophy translates into four key operating principles that challenge traditional government IT management:

1. Don't build IT, use it. Holcombe stressed that the agency should only build what it cannot buy and what is a core business differentiator. "Don't customize box applications because customizing code limits future adaptation," he warned.

2. Change procurement. Arguing that the traditional, risk-averse procurement process "takes too long and it costs too much," Holcombe advocated for taking "measured risks" and forming partnerships with shared risk, rather than engaging in adversarial negotiations.

3. Change budgeting. He pushed for treating IT as a service expense rather than a capital investment. "Don't lock in anything for more than 3 years. Try to replace everything in 5 years, that's almost heresy in the government," Holcombe stated, emphasizing the need to work in 90-day increments and "fail small" if an initiative does not produce measurable results.

4. Mission first, but people always. He acknowledged that process and policy can be changed overnight "with the stroke of a pen," making them prime targets for bold action, while investing in people is a long-term necessity.

The Pillars: Cybersecurity, Cloud, and AI

The OCIO’s priorities are organized around three pillars: cybersecurity, resilience, and cloud modernization, with artificial intelligence woven throughout.

Cybersecurity and Fraud Prevention

Tim Goodwin, the USPTO's Chief Information Security Officer (CISO), detailed the agency's "proactive defense" strategy.

The infographic shared during the presentation revealed the scale of the threat, noting that in a typical week, the USPTO thwarts over two million denial-of-service attempts and 700+ attempts to deploy malicious software.

A central element of the updated security posture is a mandatory shift in multi-factor authentication (MFA). Effective November 1, 2025, the USPTO will eliminate "phishable" MFA methods, such as one-time passcodes sent via email and SMS.

Goodwin explained the vulnerability, stating, "Attackers can steal codes in real time. This is something that we absolutely must prevent from happening."

Users will be required to switch to "non-phishable" methods, which are tied to specific devices and websites. These include:

• Authenticator Apps: Such as Okta Verify or Google Authenticator, which generate time-based codes on a user's device.

• Physical Security Keys: FIDO2-compliant keys like a YubiKey that provide strong cryptographic protection.

This change is part of a broader effort to combat fraudulent filings. Goodwin noted the agency is enforcing MFA and ID.me identity proofing across more systems to protect user accounts and agency data.

Cloud and Resilience

The agency’s modernization is deeply tied to its cloud strategy. The USPTO has adopted a multi-hybrid cloud approach, using Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure to avoid vendor lock-in. According to the OCIO infographic, 59% of all agency components have already been migrated to the cloud.

Holcombe was adamant about the necessity of this move. "There's no reason that the USPTO should be in the datacenter business," he said. Leasing cloud services provides access to the immense processing power required for AI and ensures technology is refreshed continuously. He set a clear vision: "We will be immersed in the cloud with most of our applications no later than the 1st of June 2027."

A Measured Approach to Artificial Intelligence

The USPTO is proceeding with a "not no, but not now" policy regarding the use of commercial generative AI platforms by staff, primarily due to data privacy concerns. "A lot of the terms and conditions if you go take a look at them explicitly state that the owner of that data is in fact the provider," Goodwin cautioned.

Instead, the agency is developing its own internal tools. The most prominent is SCOUT, an internal generative AI platform. Holcombe explained that by loading the Manual of Patent Examining Procedure (MPEP) into SCOUT, new examiners can query the system for procedural guidance, saving time for both the new hires and their supervisors.

SCOUT is also used for simulations, such as modeling case outcomes based on different legal precedents. The tool is currently in a beta phase, with a targeted enterprise-wide rollout for October 2025.

Holcombe also drew a sharp distinction between true AI and simple automation. "If it's not learning and changing it's not AI, it's automation," he clarified. He stressed the importance of high-quality data, pointing to the agency's Open Data Portal (data.USPTO.gov), which contains nine petabytes of curated patent data.

Training models on this "golden data" is essential to avoid what he termed "learning disabled" AI applications that produce hallucinations or inaccurate outcomes.

Benefits, Challenges, and Risks

The USPTO's IT agenda presents tangible implications for its users.

Benefits:

• Enhanced Security: The mandatory shift to non-phishable MFA, while requiring an adjustment from users, represents a focus in account security, directly addressing the risk of account takeovers and fraudulent filings that can jeopardize valuable IP rights.

• Improved Examiner Tools: The deployment of AI tools like similarity search and the internal SCOUT platform aims to augment examiner capabilities. The goal is to improve the quality and consistency of examination and potentially reduce application pendency, which Holcombe identified as a key target for improvement.

• Public Innovation: The Open Data Portal makes a vast repository of technical information available in an accessible, machine-readable format. This empowers researchers, startups, and established companies to conduct analysis and train their own AI models, potentially spurring further innovation.

• System Stability and Speed: The migration to a modern, multi-cloud infrastructure promises greater system uptime, faster performance, and more rapid deployment of new features for public-facing tools like Patent Center.

Challenges:

• User Adoption: The primary challenge for the IP community will be adapting to the new MFA requirements by November 1, 2025. While the USPTO has promised an aggressive marketing campaign, practitioners and their support staff must proactively download an authenticator app or purchase a security key to avoid disruption.

• Cultural Transformation: Holcombe’s aggressive "fail fast" and 5-year replacement philosophy is a significant departure from typical government operations. Sustaining this agile culture after his departure will be a test for the agency's leadership.

• Pace of Development: While the agency has operational AI tools, more advanced applications are still in development. The IP community is eager for tools that can significantly streamline prior art searching and application drafting, and the timeline for public-facing versions of these tools remains undefined. Moreover, Patent Center still has its issues.

Risks:

• AI Confidentiality and Accuracy: The agency is correctly cautious about AI. The risk of confidential application data being exposed through third-party generative AI platforms is significant. Internally, ensuring that tools like SCOUT are free from bias and do not produce "hallucinations" that could lead to improper examination is a constant technical and ethical risk that requires vigilant oversight.

• Cybersecurity Threats: As Goodwin noted, threat actors are now using AI to craft more sophisticated phishing attacks and can even target AI systems themselves to manipulate their outputs. The USPTO remains a high-value target for state-sponsored and criminal actors seeking to steal valuable intellectual property.

• Execution Risk: The modernization plan is ambitious. Any delays in cloud migration, budget shortfalls, or procurement hurdles could slow the deployment of new systems and security measures, leaving both the agency and its users operating with legacy technology for longer than intended.

Looking Ahead

Jamie Holcombe’s parting message was one of capability and urgency: "We're a nation of Americans, not Americants. The last four letters of American are I can." His tenure appears to have instilled a culture of action within the USPTO's IT division.

For the practitioners and innovators who depend on the agency, this translates into a more secure and modern, albeit evolving, operational environment. AI will happen.

The long-term outlook suggests an agency positioning itself to better leverage technology, with the ultimate goal of fostering and protecting American innovation more effectively.

Disclaimer: This is provided for informational purposes only and does not constitute legal or financial advice. To the extent there are any opinions in this article, they are the author’s alone and do not represent the beliefs of his firm or clients. The strategies expressed are purely speculation based on publicly available information. The information expressed is subject to change at any time and should be checked for completeness, accuracy and current applicability. For advice, consult a suitably licensed attorney and/or patent professional.