Local governments are adopting AI systems that create cybersecurity risks unlike traditional perimeter threats - even as three out of four agencies lack the budget for minimum recommended security. The shift comes because AI agents, designed to operate without constant supervision, act as insiders with access that can be exploited or misdirected, according to a July 2026 episode of KALW's Crosscurrents.
Much of the infrastructure people rely on daily - water systems, transit, power - is controlled locally and connected to the internet. That connectivity enables real-time services, but it also exposes agencies to cyberattacks. In 2016, San Francisco's Muni transit system was hit with ransomware that locked employees out of computers and forced fare gates to shut down. Some machines were running software the developer no longer supported.
The funding gap
Many local governments cannot afford even basic cybersecurity. Lan Jenson, a former corporate cybersecurity specialist who now runs the nonprofit Cybertrust America, said a national survey found that three out of four local governments lacked the money for the minimum recommended level of security. "Not the gold standard. The minimum," she said.
Jenson left the private sector after a routine visit to her child's optometrist. When she asked how the office secured medical records, the optometrist replied, "Don't worry. Our IT guy is paid to handle and to secure your child's information." Jenson said the encounter convinced her that cybersecurity can no longer be left to generalists. Her organization now helps small governments and businesses that cannot keep pace with evolving threats.
AI agents: the insider threat
Adding AI to already underfunded systems changes where the threat lives. Traditional cybersecurity focuses on keeping bad actors out. But AI agents are not breaking in - they are already inside the network, acting with a degree of autonomy. Jenson explained that these programs "can think on their own" and will need clear access boundaries. She warned: "You cannot just give it a broad policy, say, 'Hey, any such important decisions, you should ask a person, a human before you do things.'"
For government teams, the job shifts from guarding a perimeter to ensuring that an internal agent does not become a cyber threat. This is a different kind of exposure, and it arrives while many agencies still struggle with basic defenses. Professionals seeking to understand these new attack surfaces can benefit from AI Agents & Automation Training that covers how autonomous software behaves inside an organization.
Evaluations are only a snapshot
Safety assessments offer a point-in-time view of a system's security. Cybersecurity expert Joe Hartman, who has worked in the field since the 1990s, compared an AI system passing an evaluation to his son passing a driver's test. "Even though he passed the test, doesn't mean he'll never get into an accident," Hartman said. The models and threats keep changing, so a single test cannot guarantee ongoing safety.
Collaboration across cities
Some local governments are pooling resources to address the challenge. San Jose published its AI policy online nearly three years ago, and other cities began downloading it as a template. That effort grew into the GovAI Coalition, which launched with 50 member cities. The coalition hosts weekly webinars on civic AI adoption, and Jenson co-facilitates its generative AI working group. A small city with a one-person tech team can adapt existing policies instead of starting from scratch.
This sharing does not erase the funding gap, but it helps agencies meet the gap together. For those building internal expertise, AI for Government Courses & Certifications provide structured learning on deploying and securing AI in public-sector environments.
Why this matters for government professionals
Government staff at every level are inheriting AI tools that operate like new team members with access credentials. The risk is not a distant possibility - it is a shift in where threats originate, and it lands on top of infrastructure that often runs on outdated software. The immediate priority is to define what AI agents can and cannot access, and to treat internal AI as a potential threat vector rather than a passive tool. Collaboration through coalitions and targeted training can help, but the funding gap remains the central obstacle.
Your membership also unlocks: