America’s AI cyber defense gap needs Congress to act
Twice in the past five months, the U.S. Congress has allowed the authorization for U.S. cyber threat intelligence sharing to lapse. In each case, it managed only short-term extensions for this pillar of America’s collective cyber defense. This cycle of expiration and stopgap extensions is undermining the certainty that both industry and government need to strengthen and modernize information sharing to meet threats in the AI era.
The law in question, the Cybersecurity Information Sharing Act of 2015 (CISA 2015), provides the framework for voluntary cyber threat information sharing between industry and government, removing legal impediments that had disincentivized companies from sharing threat intelligence. The law first expired in September 2025, and Congress has since relied on stopgap measures to revive it, most recently extending it through September 2026.
The problem runs deeper than short-term lapses. CISA 2015 was written over a decade ago and has not kept pace with AI-driven cyber threats and other emerging risks. As AI reshapes the threat landscape, Congress should use the reauthorization debate to modernize the framework for the AI era.
Read more at Center for a New American Security