Lorica insights
Modernizing U.S. Defense Cybersecurity with AI in an Era of Escalating Threats
Apr 30, 2025
Cyberthreats are an increasingly urgent national security concern in the U.S. and around the world. In early 2024, then-FBI Director Christopher Wray warned that Chinese hackers are poised to “wreak havoc” on U.S. infrastructure and “cause real-world harm” to Americans. Chinese hackers are known to have infiltrated U.S. infrastructure, including transportation, telecom, the energy grid, water, ports, and pipelines. Hackers associated with Russia and North Korea, as well as non-state actors, have caused chaos in sectors as diverse as healthcare and cryptocurrency.

As both a tool and a target, AI is reshaping the cybersecurity landscape—and not always for the better. Cybercriminals are increasingly leveraging sophisticated AI technologies to launch more advanced and harder-to-detect attacks. At the same time, AI systems introduce new vulnerabilities, largely due to their reliance on vast datasets and the opaque nature of their decision-making processes. These factors help explain why, by 2023, the cost of cybercrime had more than doubled compared to eight years prior.
At the same time, AI presents a powerful opportunity to enhance cybersecurity, deploying advanced capabilities to safeguard infrastructure, government networks, and individual data.
Cybersecurity Is National Security
Cybercrime poses cascading national security risks across economic sectors. The Colonial Pipeline ransomware attacks of 2021 gave a taste of those risks. The largest refined petroleum products pipeline in the U.S., Colonial Pipeline was hacked by a group called DarkSide that shut down operations for five days, causing gasoline shortages and panic in the southeastern U.S. The Biden administration responded with a number of acts intended to tighten and enforce cybersecurity in infrastructure.
Still, this remains a heightened threat environment for U.S. infrastructure, government agencies, and the private data of all Americans. We need only look at events over the past year.
Infrastructure: Last year, the Chinese-linked Salt Typhoon launched deep intrusions into major U.S. telecom companies, including AT&T, Verizon, and T-Mobile, which allowed the hackers to spy on the phones of several high-ranking U.S. officials, including then President-elect Trump and Vice President-elect J.D. Vance. Democratic societies tend to be interactive and open, which complicates the mission of protecting infrastructure.
Government agencies: In the fall of 2024, a Chinese state-sponsored hacker gained access to thousands of Treasury Department files. These included unclassified files belonging to Treasury Secretary Janet Yellen. The hacks also targeted the U.S. Committee of Foreign Investment and the Office of Foreign Assets Control. The hackers gained access via a third-party software company, BeyondTrust, highlighting the risks of such third-party vendors in sensitive contexts.
Americans’ data: In 2024, the Russian-speaking Blackcat ransomware group attacked UnitedHealth’s tech unit. The attack involved 100 million people, and the information made vulnerable is believed to include Social Security numbers, medical diagnoses, and treatment information.
AI in cyber attacks
By making detection more difficult, AI has increased the danger of cyberattacks of all kinds. Here are just a few common examples.
Malware is an umbrella term for malicious software that includes ransomware, spyware, and viruses. Typically, a user clicks a dangerous link and then installs risky software, which allows the malware to breach the network. Generative AI can automatically create sophisticated malware with variations that make it harder to detect.
Phishing involves sending fake communications, often through email, that appear to come from a reputable source such as a credit card company. Cybercriminals aim to steal sensitive data like logins or credit card information, or to install malware. Generative AI can help attackers craft highly personalized, convincing phishing messages.
Deepfakes are an increasing cyber threat. Audio or video powered by generative AI can impersonate people, manipulate public opinion, and carry out sophisticated attacks. Often, attackers are looking to make money: 53% of cyberattacks resulted in damages of at least $500,000.
How AI improves cybersecurity
Often, the best defense against AI attacks is AI security tools. AI-powered cybersecurity has the potential to help modernize U.S. defenses against cyberattacks of all kinds. The following are some of the key benefits of AI in cybersecurity:
Enhance detection: AI models can analyze large quantities of data to generate predictions. This is highly relevant in cybersecurity, where AI models can identify patterns that point to cyber threats, such as ransomware, malware, or unusual network traffic. For example, in 2024 the National Security Agency (NSA) used AI to help detect advanced threat actors using sophisticated living-off-the-land techniques to remain hidden while maintaining ongoing access to critical U.S. infrastructure.
Accelerate response: Time is often of the essence in cyberattacks. AI can support a faster initial reaction time by automating certain aspects of incident response, generating appropriate actions or scripts depending on the type of incident. This dynamic interplay between detection and response can prevent lag times that allow for immense damage.
Automate security measures: Generative AI can streamline the implementation of security protocols by automating routine tasks such as configuring firewalls or scanning for vulnerabilities. Freed from these tasks, security professionals can focus on the issues that humans are best suited to address. This is just one way that AI can also lower costs.
Provide cybersecurity training: Cyberattacks often rely on human error, for example, in clicking a dangerous link or inputting sensitive information. One of the greatest benefits of AI for cybersecurity is in training both security professionals and other workers who are engaging with sensitive systems. Generative AI can create realistic scenarios that help improve people’s decision-making skills. These scenarios can change and adapt to people’s roles in order to keep pace with rapidly changing digital threats. The ability of generative AI to create synthetic data is a further benefit: this synthetic data, closely resembling real data sets, can be used to train models without compromising sensitive data.
Initiatives around AI in cybersecurity
A variety of government initiatives reflect the increasing recognition that AI tools can help modernize U.S. defenses against the kinds of cyberattacks to which the country is currently vulnerable.
INGOTS: The Defense Advanced Research Projects Agency (DARPA), the research wing of the U.S. Department of Defense, runs the Intelligent Generation of Tools for Security (INGOTS) project, a 36-month project that focuses on AI to defend against exploit chains, a type of cyberattack that takes advantage of multiple vulnerabilities within different system components to gain access and control. So far INGOTS has contracted with five startups that leverage AI for rapid risk assessment.
Generative AI in the DoD: In what has been described as a strategic shift in cybersecurity, the Department of Defense awarded its first-ever generative AI defense contract at the end of last year. Jericho Security applies generative AI for training personnel, particularly leveraging models based on generative adversarial networks (GANs) to simulate cyberattacks and defensive strategies.
NSA Artificial Intelligence Security Center: The 2025 National Defense Authorization Act has a strong focus on the use of AI in cybersecurity. This Act also established the NSA Artificial Intelligence Security Center, with a mission to help lead NSA’s cybersecurity focus and to defend U.S. AI systems through collaboration with industry, academia, the intelligence community, and government partners.
This is by no means a comprehensive list of government initiatives related to cybersecurity and AI, and notably does not include work by the Cybersecurity and Infrastructure Security Agency (CISA) and by cybersecurity professionals across government agencies. However, recent developments—such as Elon Musk’s leadership of the Department of Government Efficiency (DOGE), which has aggressively pursued federal spending cuts resulting in over 216,000 job losses, including potential reductions at major departments—underscore the critical importance of maintaining a robust cybersecurity workforce to address escalating threats.
Data Privacy for AI Cybersecurity
While the United States is making strides, it remains vulnerable to growing cyberthreats. At the same time, the rapid development of sophisticated AI tools offers a powerful path forward to strengthen our defenses. One of the key advantages of AI cybersecurity systems is the ability to analyze vast amounts of real-time data related to critical infrastructure, sensitive government operations, and personal information. Keeping that data protected at all times is essential.
Many systems today encrypt stored data but require decryption during analysis, creating moments of exposure that attackers can exploit. Privacy-enhancing technologies (PETs) offer a better way. PETs enable secure computations directly on encrypted data, eliminating the need to decrypt information and minimizing the risk of exposure. This approach strengthens the very AI tools we are depending on to protect national security.
If cybersecurity were a movie, AI would play every major role: the criminal, the victim, and the hero. Our work focuses on supporting the hero. We are advancing privacy-enhancing technologies that empower AI to defend against cybercrime without compromising sensitive data. Through innovative solutions, strategic collaborations, and a steadfast commitment to ethical AI practices, we are helping to create a safer and more resilient future.
If you would like to learn more about how we can support your cybersecurity initiatives with privacy-first AI solutions, please reach out to us. We are ready to help.