FBI Scales Defensive AI to Strengthen Cybersecurity Operations

The FBI is expanding its use of “defensive AI” to automate threat detection, accelerate threat identification and predict how bad actors move within a network based on past behavior, Cyber Division Assistant Director Brett Leatherman said last week at Palo Alto’s Public Sector Ignite event in Tysons, Virginia.

These systems can analyze network behavior in real time and flag anomalies that may indicate a potential breach, but they require a tech-literate workforce for effective implementation.

Leatherman noted that adversaries such as China and Russia are using extensive resources to fuel hacking ecosystems — as seen in operations including Salt Typhoon, Volt Typhoon and Secret Blizzard — making the implementation and scaling of AI-enabled cyber defenses a national security imperative.

“AI allows midtier actors to have nation-state-type capabilities,” Leatherman said. “As we start to move into agentic AI capability, we’re going to see the scale, impact and scope of those breaches become even more significant. There’s no way we can scale our defensive operations — especially with an ongoing tech talent gap — unless we start to meaningfully use AI.”

Leatherman said the FBI views AI as a workforce amplifier, not a replacement. The technology is automating routine tasks so agents can focus on higher-level analysis.

“We can’t be in a space where our agents, computer scientists, intelligence analysts and other support personnel are looking through logs manually,” he said. “We have to be able to leverage meaningful AI platforms while also preserving our chain of custody.”

Still, the agency faces a growing tech talent gap and needs individuals “who think outside the box” to innovate as adversaries evolve.

“The bad guys always innovate, and we need people who come into the organization with bright ideas that might seem impossible at first, but who we can surround with the authorities, capabilities and resources to do that work,” Leatherman said.

He added that strengthening human collaboration remains just as critical as advancing technology.

“It is people first,” Leatherman said. “When people come to the table quickly, share robustly and trust each other, it ultimately helps all of us do a better job at scaling our work against the adversary.”