Connect with us

Hi, what are you looking for?


Artificial Intelligence

CISA Outlines AI-Related Cybersecurity Efforts

CISA details its efforts to promote the use of AI in cybersecurity and guide critical infrastructure in adopting AI.

The US cybersecurity agency CISA on Tuesday published a new document detailing its efforts in promoting the use of artificial intelligence (AI) to improve security and supporting critical infrastructure organizations in adopting AI.

Aligned with national AI strategy, CISA’s Roadmap to AI (PDF) promotes beneficial uses of AI in enhancing cybersecurity capabilities and details the agency’s efforts to protect AI systems from threats and to prevent threat actors from using AI to threaten critical infrastructure.

According to CISA, while AI software systems are different from traditional software, basic security practices apply to them as well, and the roadmap builds on existing cybersecurity and risk management programs.

“The security challenges associated with AI parallel cybersecurity challenges associated with previous generations of software that manufacturers did not build to be secure by design, putting the burden of security on the customer,” the agency notes.

CISA encourages AI system makers to follow secure-by-design principles, to ensure transparency and accountability, and ensure that security is a core requirement and integral to AI system development, throughout its lifecycle.

“We envision a future in which AI systems advance our nation’s cyber defense, where our critical infrastructure is resilient and protected from malicious use of AI, and where AI developers prioritize the security of their products as a core business requirement,” the agency says.

CISA plans to integrate AI across its systems, noting that it can help defend against traditional cyber threats and maintain and improve the resilience of critical infrastructure systems, but also pointing out that AI companies and use cases may require specific protections.

The roadmap also details five lines of effort that CISA will follow in unifying and accelerating its AI goals: the responsible use of AI, a secure-by-design AI-based software adoption, protecting critical infrastructure from the malicious use of AI, collaborating with other agencies and national and international partners on key AI efforts, and educating its workforce on AI software systems and techniques.

Advertisement. Scroll to continue reading.

“This roadmap provides objectives for each line of effort that detail how CISA will accomplish these goals and measure our success. We also include representative outcomes and a notional measurement approach for each line of effort We are developing more specific measures of effectiveness, which will be defined in our annual operating plans,” CISA notes.

Related: US Government Issues Guidance on SBOM Consumption

Related: CISA Releases New Identity and Access Management Guidance

Related: ChatGPT, the AI Revolution, and the Security, Privacy and Ethical Implications

Related: CISA Introduces Secure-by-design and Secure-by-default Development Principles

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Artificial Intelligence

Microsoft and Mitre release Arsenal plugin to help cybersecurity professionals emulate attacks on machine learning (ML) systems.


Private equity giant plans to buy Forcepoint’s Global Governments and Critical Infrastructure (G2CI) business unit for $2.5 billion.