A Grant Program to Boost State and Local Government AI Capacity and Manage Emerging Risks
State and local governments want to use artificial intelligence (AI) to improve services and manage infrastructure more efficiently. However, many lack the personnel and funding necessary to handle AI’s risks, including cybersecurity threats, increased energy demands, and data privacy concerns. To help these governments, Congress should create a grant program managed by the Cybersecurity and Infrastructure Security Agency (CISA). This program would fund efforts to promote security best practices nationwide and gather effective approaches from local projects to guide federal policy. Stronger AI capacity at all government levels will reduce the chances of serious incidents like AI-driven cyberattacks.
Challenges and Opportunities
In 2025, 45 state legislatures have proposed over 550 bills on AI regulation, covering topics such as procurement policies, K-12 AI use, and liability for AI errors. Cities are also issuing their own guidelines to address risks like bias and misinformation in AI systems. While there is clear enthusiasm for AI’s potential to improve government operations, inconsistent rules and uneven capabilities slow progress.
AI regulations differ widely between jurisdictions and often conflict, making compliance difficult. Public agencies report a significant skills gap: a 2024 survey found 60% of public sector professionals see AI expertise shortages as the main barrier to deploying AI tools. This problem is part of a broader IT staffing crisis, with over 450,000 cybersecurity positions unfilled nationwide, especially in government sectors with limited budgets.
These challenges at state and local levels pose risks for the entire country. Ransomware attacks on local governments have shown how attackers exploit small vulnerabilities to cause widespread disruption. AI-related threats could follow a similar path. Without adequate staff and consistent regulations, states and cities risk unsafe AI adoption and fragmented crisis responses.
In 2021, Congress created the State and Local Cybersecurity Grant Program (SLCGP) through CISA to help jurisdictions respond to cyber threats. Nearly $1 billion has supported states in adopting security best practices like multifactor authentication and forming cybersecurity planning committees. Federal support for AI capacity can build on this model to unify AI guidance and close resource gaps. AI coordination today is less developed than cybersecurity was in 2021, so early investment can yield significant benefits by enabling safe AI use and preventing costly mistakes.
Local governments are ready to adopt AI but need funding to do so securely. Even modest grants can align fragmented rules, train key personnel, and develop replicable models, lowering the cost and risk of responsible AI deployment. Successful pilot projects create momentum that spreads across jurisdictions.
Plan of Action
Recommendation 1: Congress should launch a three-year pilot grant program focused on building AI capacity at state and local levels. Since SLCGP authorization ends in August 2025, lawmakers can either amend and extend SLCGP to include an AI pilot or create a new program. A new program could involve other agencies like the National Institute of Standards and Technology (NIST), which developed the AI Risk Management Framework, or the Department of Energy for energy-related AI projects.
The pilot should start with $55 million over three years, funding about ten statewide projects with up to $5 million each plus administrative costs. The program’s goals would include aligning AI approaches with federal guidelines, such as NIST’s framework and the Office of Management and Budget’s AI procurement directives, and improving coordination between local and state authorities.
Unlike SLCGP, this program should allow states to use existing leadership structures instead of creating new committees. It should also emphasize skills training and allocate funds to recruit and retain AI professionals in government roles.
Recommendation 2: Pilot projects must focus on practical AI implementations addressing one of three key risks: cybersecurity, energy consumption, or data privacy. Grants should fund projects that produce functioning AI systems with mitigated risks—not just analysis reports.
- Cybersecurity: Projects could target AI-driven social engineering detection or defenses against adversarial attacks like “poisoning” or “jailbreaking” of AI models. For example, funding might support a secure AI dispatcher for interconnected 911 emergency systems, including cyber hygiene protocols to prevent exploitation.
- Energy Usage: Projects should assess AI’s power demands and grid capacity to avoid outages. For instance, a study might evaluate where to locate a data center supporting AI traffic monitoring based on local electricity availability.
- Data Privacy: Projects should ensure AI complies with laws like HIPAA and COPPA, especially in healthcare and education. A pilot might implement a chatbot for Medicaid that prevents mishandling of personally identifiable information.
States would report at each project phase: risk identification, mitigation prioritization, actions taken, and outcomes once operational. This process maximizes learning and creates reusable frameworks and trained staff for future AI uses.
Recommendation 3: The program must facilitate knowledge sharing among grantees. Administrative funds should support biannual in-person forums hosted by CISA, allowing states to present progress and coordinate new initiatives. Grantees should publish guidance and tools in a public digital repository, so other jurisdictions can adopt proven strategies without duplicating efforts.
Conclusion
Congress should fund a grant program to support state and local governments in managing AI risks related to cybersecurity, energy, and privacy. A $55 million pilot over three years will help ten states develop effective AI projects while providing valuable lessons for others. This investment will help governments advance AI use safely and consistently, protecting critical infrastructure and public services from costly vulnerabilities.
For those in government roles looking to build AI skills, exploring resources like Complete AI Training’s latest AI courses can be a practical step toward strengthening your team’s capabilities.
Your membership also unlocks:
