IC Officials Turn to AI to Bolster Cybersecurity Amid Rising Threats

Artificial intelligence is transforming how the Intelligence Community performs trend analysis, adversary detection and preventative cybersecurity, senior IC officials said last week at the 2025 Intelligence & National Security Summit in National Harbor, Maryland.

“Artificial intelligence is something that we’re seeing and using every day now in cybersecurity, trying to use it to improve how we look for adversaries,” said Kathryn Knerler, IC CISO at the Office of the Director of National Intelligence (ODNI). “We’re also looking at more sophisticated attacks coming our way that are starting to leverage some of the artificial intelligence vectors.”

Knerler told the audience that the increasing complexity of cyberattacks requires dynamic defenses that can meet these challenges.

“My teams are using it looking at what kind of attack is this? Have we seen this before? What kinds of trends can you get from it? Security operations teams are beginning to use AI in new ways. We’re also seeing it in some of the attacks,” she added.

Ben Phelps, CISO of the Chief Cybersecurity Group at ODNI, said AI helps security officials conduct penetration tests and adversarial attack simulations to strengthen cybersecurity responses.

“It’s taking tactics, techniques and procedures (TTPs) of adversaries and applying them against your systems that are known TTPs. Depending upon the risk of the system or the data that it holds as it moves up, you start bringing in more of your assets and the people that will look at these things and start trying to probe the system a little bit more,” Phelps told the audience.

Doug Cossa, IC CIO and primary IT advisor to the Director of National Intelligence, said AI can also identify endpoints in networks so agencies better understand their inventories.

“Sometimes there’s stuff there that we don’t even know is there that’s in the inventory,” Cossa said. “Identifying those endpoints and scoping the inspections in the context of the threats would be very, very useful, and something that we are starting to adopt.”

Phelps emphasized that the War Department must adopt AI and other emerging technologies faster to keep pace with innovation and dynamic adversaries.

“We cannot afford the 12 to 18 months it used to take for, ‘Oh, I have an idea. Let’s figure out the technology for it. Let’s get it acquisition-ed, let’s get it authorized.’ … By the time you get it usable, the technology is either already passed and it’s old, or the original need has kind of passed. We have absolutely got to shorten that,” Phelps said.

Despite the advances made in AI implementation and adoption, leaders in the IC harbor skepticism for AI security. Knerler said that securing AI systems themselves is a challenge, as adversaries could attack the AI system being used to secure other networks. Additionally, uncertainty about how AI transforms input data into outputs has raised questions across the IC about how to regulate those outputs.

“We’re pretty good about knowing what data we have, but we’re not so great at this new way of when it comes out, what does that look like?” Knerler said. “That’s where we’re focusing frankly, where are the guardrails around that? What does the RMF look like for AI?”

Phelps said as AI becomes ubiquitous, human operators must remain in the loop to check AI models, prevent sensitive data leaks and maintain ethical standards.

“The biggest thing that worries me, with respect to AI, is the ability for the human to still be able to think, check the output that’s there, and does it apply to the question that I or the prompt that I gave it?” Phelps said.