Government agencies race to match AI-powered attacks with automated defenses
Threat actors now gain initial access to government systems and hand off to exploitation teams in 22 seconds, down from hours. The median time has collapsed because most attacks now run on AI automation, according to the 2026 Mandiant M-Trends report.
Government organizations at the federal, state and local levels are responding by deploying AI agents and automation in their cybersecurity operations. The shift moves defenders from reactive manual work to proactive threat detection and response.
Processing scale changes what humans do
Iowa processes 60 billion security logs per month. Its SIEM/SOAR system filters out 93% upfront, leaving staff to examine the 7% that matters.
"We went from having to manually go and look at logs to now addressing the issues before they become issues and intervening before an attacker can get a foothold in our environments," said Shane Dwyer, CISO for the State of Iowa.
Connecticut built what officials call an "Agentic SOC" - a unified, AI-driven security operations center that detects threats before they reach production systems. Gene Meltser, Connecticut's CISO, said the approach lets the state respond in near real-time across multiple cloud environments.
"For us, at a state level, AI is going to be a feature of speed and our ability to retool what we do to meet rising demand and to withstand some of the attacks we're going to be seeing," Meltser said.
Privacy and compliance work gets faster
Google Cloud uses AI agents to find privacy issues faster than human reviewers. The company's compliance team saves thousands of hours while delivering better privacy outcomes across multiple teams.
Jeanette Manfra, Vice President and Head of Risk and Compliance at Google Cloud, emphasized that humans remain essential. "AI agents can replace tasks, but humans are critical to designing agents, checking and validating what they produce, and using that information to engage in the type of higher-level thinking and creating that drives innovation."
Arizona State University built a chatbot to answer questions about 19 new security standards. Instead of forcing users to read lengthy policy documents, staff could query the bot and get answers instantly.
Education shifts to prepare for the agentic era
ASU is launching a student-led SOC in the fall that teaches security basics in the first half and hands-on automation and agentic AI in the second half. Students will use both Google technology and ASU's CreateAI Platform, which includes security and ethics guardrails.
"We need to fundamentally shift the way that we educate our students, such that instead of trying to ignore, or push away AI, we embrace it and better position our students to be successful," said Lester Godsey, CISO at ASU.
Adarryl Roberts, CIO of the Defense Logistics Agency, said his team trains staff on prompting, automation and business process engineering. "Technology, typically in the government, they feel it happens to them, not with them. That's why we're trying to democratize at the same time we're deploying."
The risk of not moving
Threat actors are actively using AI to find and exploit vulnerabilities. Staying with manual processes means falling further behind an adversary that operates at machine speed.
Roberts advised government leaders to experiment and accept calculated risk. "Cybersecurity isn't black and white, it's really about risk management and expectation setting. As you're looking to implement AI, to go faster, you have to take risks as a CIO. Just understand what that risk is."
The Defense Logistics Agency and other government organizations view AI as a force multiplier for their workforce, not a replacement for it. The bottleneck is no longer technology - it's training people to use it.