Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Facing ‘velocity problem’ of AI-fueled attacks, federal cyber leaders pursue solutions at speed

(Don Kauffman/McCrary Institute)

By Bridget Johnson

WASHINGTON — Federal cyber leaders warned Tuesday that artificial intelligence in the toolbox of bad actors requires urgent adaptation to meet the “scale and speed” of AI-propelled attacks and defend critical networks.

“The scale of these attacks and the sophistication are increasing,” National Cyber Director Sean Cairncross said at the McCrary Cyber Summit in Washington. The inaugural event was hosted by the McCrary Institute for Cyber and Critical Infrastructure Security, which is the parent organization of Threat Beat.

Cairncross said the deployment of AI tools in cyberattacks is “making it faster and more agile,” which in turn makes speed and efficiency across whole-of-government solutions including innovation and attack response more crucial for cyber defenders.

Acting Cybersecurity and Infrastructure Security Agency Director Nick Andersen said his biggest concern with an AI-fueled cybersecurity landscape is the “velocity problem.”

Andersen said that underscores the need for a robust common vulnerabilities and exposures (CVE) program — “we view that as a public good” — to help mitigate risk across the board.

“AI is going to expose a lot of the basics that have been ignored for a long time,” he warned.

Booz Allen just released a new report on the acceleration of AI-driven cyberattacks and how sophisticated breaches that used to take teams days to execute can now be done by an individual in a matter of minutes.

“There’s a whole AI supply chain that we need to think about,” Chairman and CEO Horacio Rozanski said at the summit.

Rozanski noted additional risks including the potential of a bad actor getting a hold of training data and manipulating an AI model, and emphasized that adversaries are building and testing lightning-fast agentic AI tools. “Imagine in your neighborhood if every house had no front door,” he said. “2026 is going to feel like that to cyber defenders.”

Acting Undersecretary of Energy Alex Fitzsimmons, who leads the Energy Department’s Office of Cybersecurity, Energy Security and Emergency Response (CESER), said on a panel discussion of federal cyber leaders that seizing the benefits of AI to beef up sector security is a “big priority” in his office.

Fitzsimmons said that investing in AI for cyber defense and hardening potential targets across the energy sector — “the critical sector of the economy that make every other sector possible” — is imperative.

“We cannot be AI dominant if we’re not energy dominant as well,” said McCrary Institute Director Frank Cilluffo, who moderated the panel.

U.S. Army Principal Cyber Advisor Brandon Pugh echoed that “we’re very passionate about how do we leverage AI” and better utilize the technology for stronger cybersecurity. CISA Acting Executive Director for Cybersecurity Chris Butera said that AI should be harnessed for security purposes while being secured in order to not enhance adversarial capabilities.

Brett Leatherman, assistant director of the FBI’s Cyber Division, said there is a sharp focus on how offenders are leveraging AI and stressed that broad, rapid attacks must be met by “scale and speed on the defense side.”

Cyber defenders have “got to get out of that space” of “machine vs. human” attacks and start deploying AI to help safeguard critical devices, he said.

Click to listen highlighted text!