Cybersecurity is becoming more sophisticated as artificial intelligence enables advanced defenses that can respond in a fraction of the time.
But AI also complicates cybersecurity efforts by equipping malicious actors with new tools to outmaneuver defense systems.
It’s a “two-edged sword,” said Sen. Gary Peters (D-Mich.), ranking member of the Senate Homeland Security and Governmental Affairs Committee.
“Certainly, from a cybersecurity perspective, you have to be using AI tools because you have to be trying to stay a step ahead of the bad guy,” Peters explained. “But we have to understand how bad guys are using it and develop ways to counter that.”
Certainly, from a cybersecurity perspective, you have to be using AI tools because you have to be trying to stay a step ahead of the bad guy.
Sen. Gary Peters (D-Mich.), ranking member of the Senate Homeland Security Committee
A multifaceted issue. In an increasingly digital world with evolving geopolitical threats, AI will remain a key cyberdefense tool.
Business executives, academics and government cybersecurity experts are particularly on high alert, with 87% telling the World Economic Forum that “AI-related vulnerabilities” were the fastest-growing cyber risk in 2025.
Presented by
go to Google in a new tab
How Google AI can help you outsmart scammers in real-time
From real-time scam detection on Pixel to proactive phishing blocking in Gmail, Google AI is helping Americans stay safe from scams. Whether it’s screening “too good to be true” calls or fact-checking suspicious texts in seconds with Circle to Search or Google Lens, we’re building tools that prevent and help you spot scams easier.
The risks are varied and multifaceted. They include phishing emails that lead to data theft and malware installation, AI deep fakes and impersonations and constant threats to supply chains and critical infrastructure.
Hackers can use AI to find flaws in digital systems and move quickly to compromise them, said Rob T. Lee, chief AI officer at the SANS Institute, which specializes in cybersecurity training.
“It’s happening so fast that most vendors cannot keep up with the amount of vulnerabilities that are being discovered in their products,” Lee said. “That velocity increase is staggering and concerning from a defender’s perspective.”
Overall, 94% of respondents to The World Economic Forum’s Global Cybersecurity Outlook 2026 said AI will be the most significant driver of change in cybersecurity in 2026.
These findings underscore the high-stakes AI cybersecurity arms race that’s evolving as the technology advances.
Enhanced capabilities. From real-time threat detection, automated incident responses and quick data analysis to identify anomalies, AI is already boosting cyber defenses in both government and private organizations.
AI can be trained to assess past cyberattacks and recognize similar patterns in the future for better defenses.
AI can also detect unusual login behavior, sudden traffic spikes and changes in user activity. The technology can then respond by blocking attackers’ access and isolating systems, according to Syracuse University’s School of Information Studies.
Rep. Vince Fong (R-Calif.) said that beyond recognizing the “significant positive capabilities” of AI, the U.S. should ensure it uses the technology to “harden our cybersecurity infrastructure.” Fong is a member of the House Homeland Security Cybersecurity and Infrastructure Protection panel.
Malicious use. As the world operates in a largely digital space, federal and state agencies, private companies and individuals have to remain vigilant about the threat of cybercrimes from single or nation-state actors.
Hackers, including foreign actors, can gain access to sensitive data by using generative AI and chatbots to craft phishing language or voices that mimic prominent figures.
In 2024, then-Senate Foreign Relations Committee Chair Ben Cardin (D-Md.) became the target of a deepfake impersonation using AI to mimic the voice of a top Ukrainian official during a Zoom meeting. Such impersonations can be used to extract sensitive information from high-level officials or to try to discredit them.
Besides the need to safeguard public and personal data, cybersecurity officials are also concerned about electoral systems, especially during an election year.
Russia’s meddling in the 2016 U.S. elections exposed key vulnerabilities in some voting systems and information campaigns. AI advancements have only complicated efforts to safeguard electoral integrity from misinformation, deepfakes and more.
Presented by
Google Threat Intelligence Group is strengthening cyber defenses with AI
By leveraging AI, the Google Threat Intelligence Group (GTIG) enables a proactive approach to cybersecurity, rapidly detecting and mitigating threats to protect Google and its users at scale and at a speed no human team could match.
At least 26 states have enacted rules regulating the use of deep fakes during elections, either banning them or requiring disclosures. But there is no federal law against such malicious use of AI in elections.
Congress is notoriously slow at regulating technology. In the meantime, AI tools are evolving fast, both to the benefit and detriment of cybersecurity.
“The bad guys are innovating constantly,” Peters said. “Unfortunately, they only have to be right one time, and our cybersecurity professionals have to be right 100% of the time.”
Rep. Rob Menendez (D-N.J.), who sits on the House Energy and Commerce Committee, said lawmakers must explore all of AI’s potential as adversaries continue to leverage it.
“We just need to make sure that we are diligent as we do so, and have the appropriate safeguards in place to ensure that we get the most out of incorporating AI for our cybersecurity capabilities,” Menendez said.
Hill priorities. Menendez and Rep. August Pfluger (R-Texas), a member of the House Homeland Security Committee, introduced a bipartisan bill in January on this. The AI for Secure Networks Act aims to strengthen cybersecurity by directing the Commerce Department to study the impacts of AI on U.S. telecommunications networks.
“It would be a great starting point to have the data and information that we need to legislate more robustly on implementing or incorporating AI into our cybersecurity capabilities,” Menendez said.
Even so, lawmakers say the country needs to create a workforce pipeline of people skilled in using AI for cybersecurity.
“Especially on the cyber side, there’s now talk about ‘how do we get the best and brightest to come into the federal government, to work at CISA, to ensure that we have those capabilities?’” Fong said.
A bill Fong sponsored, the NSF AI Education Act of 2025, would allow the National Science Foundation to award scholarships and fellowships to students pursuing AI studies.
The heightened risk of cybercrimes is not lost on policymakers as they seek the best way to regulate AI and protect the nation’s information systems and infrastructure.
Uncertainty. While the Trump administration has taken several steps to support AI innovation, it has also significantly cut funding for the nation’s principal cyber defense unit, the Cybersecurity and Infrastructure Security Agency.
Especially on the cyber side, there's now talk about ‘how do we get the best and brightest to come into the federal government, to work at CISA, to ensure that we have those capabilities?
Rep. Vince Fong (R-Calif.)
The agency is operating under a stripped-down budget and reduced staff that critics worry could leave the nation vulnerable, particularly during an election year. CISA has also been tangled in Department of Homeland Security funding fights.
Some lawmakers have warned that CISA cuts hamper states’ efforts to combat cybercrime without the agency’s support. That’s particularly noteworthy in an election year.
Still, CISA remains a leading player in the nation’s cyber defenses by incorporating AI in operations, including detecting vulnerabilities in key infrastructure and supporting states’ efforts.
Federal guidance. The Trump administration in March released its cyber strategy, which partly lays out its priorities for incorporating AI in digital defenses.
The framework outlined “pillars of action” to ensure the U.S. “remains unrivaled in cyberspace.” Those actions include adopting AI-powered cybersecurity solutions to defend federal networks, and implementing “AI-enabled cyber tools to detect, divert and deceive threat actors.”
The strategy could shape how the government defends itself from domestic and foreign cyber threats and how it partners with companies in those efforts.
Information sharing. Private companies that consider themselves important partners in the nation’s cybersecurity need assurances against legal ramifications for sharing critical data.
Lawmakers are seeking a long-term reauthorization of the Cybersecurity Information Sharing Act, which gives such companies liability protection in exchange for sharing cyber threat data with the government.
Congress passed a short extension of the law in February, but it’s set to lapse on Sept. 30.
A bipartisan bill by Peters and Sen. Mike Rounds (R-S.D.), the Protecting America from Cyber Threats Act, would reauthorize the law for 10 years.
The measure has the backing of major industry groups, including Airlines for America, American Gas Association and the Chamber of Commerce.
Supporters say long-term authorization is crucial for the program.
“Cyber professionals need to know there’s some certainty as to what the rules are so that they can develop their processes and procedures,” Peters said.
— Shania Shelton
You're subscribed! Welcome to the community.
