Officials Push Stronger AI Governance Amid Rising Cyber Threats

Gaps in governance and workforce readiness are creating barriers to adopting AI-enabled cybersecurity tools as adversaries use the tech to their advantage, federal law enforcement officials said Thursday at the AFCEA Bethesda Law Enforcement and Public Safety Summit in Washington, D.C.

“The best way for us to defend against AI is to use it … because at the end of the day, you can’t protect yourself if you don’t know,” said Justice Department CISO and Director of Cybersecurity Services Staff Vu Nguyen at the summit.

Nguyen said strong AI governance relies on visibility and ownership across an organization’s IT environment. He cited shadow AI as a key vulnerability within federal networks, adding that organizations must strengthen governance structures to ensure organizations are prepared to implement, monitor and manage AI tools.

“You have to track where the AI is used within your environment,” said Nguyen. “I want to make sure that I have full visibility across the enterprise environment, so that we can manage the risk.”

Governance and AI risk management are often viewed as responsibilities for CISOs and CIOs alone, but Nguyen said the issue is more complex. He noted that law enforcement agencies across government share systems and data, making collaboration across IT teams and agency leadership essential.

“Our mission doesn’t just impact one entity. We all share access to this same system data. At the end of day it’s a collaboration between all the stakeholders because we understand what risk we are accepting when it comes to supporting the mission,” said Nguyen.

AI Highlights Gaps in Cyber Workforce

AI is exposing gaps in workforce cyber readiness and resilience. A 2026 Fortinet report found that 57% of cybersecurity and IT professionals expect existing staff will need reskilling or upskilling to work effectively with AI tools.

“You really have to educate your entire workforce as to what is the new threat,” U.S. Coast Guard Capt. Patrick Thompson said at the event. “They need to understand that the individual decisions that people make every day have a huge impact.”

The report also found that 71% of respondents said cybersecurity skills shortages continue to pose risks to their organizations. Thompson said recruiting, upskilling and reskilling efforts have not kept pace with the growing skills gap. He added that returning to cybersecurity fundamentals — including reexamining an organization’s zero trust strategy — is increasingly important as agencies implement AI.

“We really need to do those fundamental, basic cybersecurity hygiene operations,” said Thompson. “The threat space is always going to change. AI is just another way that it’s evolving, and it’s going to keep evolving faster.”