Local governments share AI policies to address cybersecurity risks

Three out of four local governments lack budget for minimum cybersecurity, while AI agents introduce insider threats. Now, internal AI is the new threat vector.

Categorized in: AI News Government
Published on: Jul 03, 2026
Local governments share AI policies to address cybersecurity risks

Local governments are adopting AI systems that create cybersecurity risks unlike traditional perimeter threats - even as three out of four agencies lack the budget for minimum recommended security. The shift comes because AI agents, designed to operate without constant supervision, act as insiders with access that can be exploited or misdirected, according to a July 2026 episode of KALW's Crosscurrents.

Much of the infrastructure people rely on daily - water systems, transit, power - is controlled locally and connected to the internet. That connectivity enables real-time services, but it also exposes agencies to cyberattacks. In 2016, San Francisco's Muni transit system was hit with ransomware that locked employees out of computers and forced fare gates to shut down. Some machines were running software the developer no longer supported.

The funding gap

Many local governments cannot afford even basic cybersecurity. Lan Jenson, a former corporate cybersecurity specialist who now runs the nonprofit Cybertrust America, said a national survey found that three out of four local governments lacked the money for the minimum recommended level of security. "Not the gold standard. The minimum," she said.

Jenson left the private sector after a routine visit to her child's optometrist. When she asked how the office secured medical records, the optometrist replied, "Don't worry. Our IT guy is paid to handle and to secure your child's information." Jenson said the encounter convinced her that cybersecurity can no longer be left to generalists. Her organization now helps small governments and businesses that cannot keep pace with evolving threats.

AI agents: the insider threat

Adding AI to already underfunded systems changes where the threat lives. Traditional cybersecurity focuses on keeping bad actors out. But AI agents are not breaking in - they are already inside the network, acting with a degree of autonomy. Jenson explained that these programs "can think on their own" and will need clear access boundaries. She warned: "You cannot just give it a broad policy, say, 'Hey, any such important decisions, you should ask a person, a human before you do things.'"

For government teams, the job shifts from guarding a perimeter to ensuring that an internal agent does not become a cyber threat. This is a different kind of exposure, and it arrives while many agencies still struggle with basic defenses. Professionals seeking to understand these new attack surfaces can benefit from AI Agents & Automation Training that covers how autonomous software behaves inside an organization.

Evaluations are only a snapshot

Safety assessments offer a point-in-time view of a system's security. Cybersecurity expert Joe Hartman, who has worked in the field since the 1990s, compared an AI system passing an evaluation to his son passing a driver's test. "Even though he passed the test, doesn't mean he'll never get into an accident," Hartman said. The models and threats keep changing, so a single test cannot guarantee ongoing safety.

Collaboration across cities

Some local governments are pooling resources to address the challenge. San Jose published its AI policy online nearly three years ago, and other cities began downloading it as a template. That effort grew into the GovAI Coalition, which launched with 50 member cities. The coalition hosts weekly webinars on civic AI adoption, and Jenson co-facilitates its generative AI working group. A small city with a one-person tech team can adapt existing policies instead of starting from scratch.

This sharing does not erase the funding gap, but it helps agencies meet the gap together. For those building internal expertise, AI for Government Courses & Certifications provide structured learning on deploying and securing AI in public-sector environments.

Why this matters for government professionals

Government staff at every level are inheriting AI tools that operate like new team members with access credentials. The risk is not a distant possibility - it is a shift in where threats originate, and it lands on top of infrastructure that often runs on outdated software. The immediate priority is to define what AI agents can and cannot access, and to treat internal AI as a potential threat vector rather than a passive tool. Collaboration through coalitions and targeted training can help, but the funding gap remains the central obstacle.


Get Daily AI News

Your membership also unlocks:

700+ AI Courses
700+ Certifications
Personalized AI Learning Plan
6500+ AI Tools (no Ads)
Daily AI News by job industry (no Ads)