Federal and Local Agencies Rethink Identity Management as AI Threats Mount
Government agencies are shifting identity management from a defensive posture to an operational necessity, with officials warning that artificial intelligence is forcing constant adaptation of security strategies.
Speaking at the Okta Government Identity Summit in Washington on Tuesday, Heather Dyer, chief information security officer at the U.S. Postal Service, said identity management now extends beyond users to applications, service accounts, devices, and nonhuman identities. "We are also business enablers now," Dyer said. "We don't say 'no,' we say 'yes,' and 'how do we do this securely?'"
Suneel Cherukuri, CISO for the District of Columbia, described similar pressures at the local level, compounded by D.C.'s unique position serving residents, businesses, consulates, and international entities. The city's broad accessibility creates a heavy burden on identity verification systems.
"Most people do not know the difference between a federal government and D.C. government," Cherukuri said. "By de facto, we become the prime target every single time."
Zero Trust Gains Ground
Both agencies have invested in zero trust approaches-multifactor authentication and privileged access controls-that have reduced risk. But the threat landscape is shifting faster than defenses can adapt.
Dyer said the Postal Service is prioritizing controlled AI adoption with visibility and safeguards rather than restricting access. The agency is communicating risks directly to business leaders to enable informed decisions.
D.C. is expanding mandatory AI and cybersecurity training across its workforce. Cherukuri emphasized that employees need to understand both the risks and the value of data protection.
AI Accelerates Both Innovation and Risk
Dyer warned that adversaries are increasingly using AI to launch attacks at scale. Agencies must embed security from the start as development accelerates. "Stay one step ahead" remains the core mission, she said.
Cherukuri raised a specific concern: code written by AI can be broken faster than code written by humans. "It's never going to really work without the human in the loop," he said.
Coordinating AI strategy across D.C.'s more than 100 agencies adds another layer of complexity. Rapid AI-driven development introduces risks that oversight and human judgment must address.
For government professionals working in identity management or security, understanding how AI reshapes both capabilities and vulnerabilities is now essential. Resources on AI for Government and AI for Cybersecurity Analysts can help professionals stay current with these shifts.
Your membership also unlocks:
