The 2026 Deficit: AI-Driven Spies Meet a Retreating U.S. Cyber Defense
By 2026, government agencies are finding it increasingly difficult to describe cyber risk with a single word or a single adversary. Analysts interviewed by ISMG argue that threats are beginning to overlap: political decisions and uneven investment are amplifying long-standing weaknesses, while the adoption of AI across the public sector is advancing faster than the development of clear governance frameworks and accountability.
Michael Daniel, president of the Cyber Threat Alliance, identifies the greatest danger not as a novel strain of malware or an unexpected attack technique, but as the cumulative effect of cyber security steadily losing priority at the federal level. In his assessment, reduced resources and diminished capacity at the center inevitably increase risk across every layer of government. The core threat landscape is unlikely to change dramatically: ransomware will continue to batter local administrations and school systems, data breaches will plague public agencies, and cyber espionage will remain a constant pressure on federal networks. What is changing is who must absorb the impact—and whether states and municipalities are prepared to do so.
Daniel also points to the signals adversaries extract from U.S. political discourse, including how cyber risk is reflected in strategic documents. Compounding the problem are growing strains in relationships with traditional allies, which make intelligence sharing and coordinated defense more difficult.
At CSIS, China is cited as the principal external threat, particularly as AI becomes more deeply embedded in offensive operations. Lauryn Williams, deputy director of the Strategic Technologies Program, highlights reports from Anthropic describing a Chinese cyber-espionage campaign in which a significant portion of commands were executed autonomously. In her view, the convergence of a state-level adversary and the accelerating force of AI could become a decisive factor as early as 2026, requiring protection not only of government networks but also of critical infrastructure and communications.
Williams further warns that the explosive growth of AI and data-center infrastructure may introduce new vulnerabilities into the U.S. power grid—already viewed by adversaries as a strategic target. She argues that cyber defense must be embedded directly into discussions about energy consumption and AI expansion, and that agencies and regional authorities should play a more active role in sharing threat intelligence specifically related to grid security.
Christopher Frascella, a legal expert at EPIC, identifies attacks on communications networks—and the lack of a forceful response to known weaknesses—as the most alarming trend. He points to the FCC’s decision to withdraw guidance issued after what was described as the largest cyberattack in U.S. history, as well as CISA’s continued failure to release a 2022 report on network vulnerabilities that lawmakers have deemed deeply troubling. Against the backdrop of budget and staffing cuts, experts describe this as the first year of a visible deterioration in the nation’s overall defensive posture.
Frascella emphasizes that access to communications networks enables far more than eavesdropping: it allows the interception of one-time passwords, the compromise of sensitive accounts, and increasingly convincing impersonation attacks—including the takeover of social media accounts for fraud and cryptocurrency schemes. He argues that a muted response to campaigns on the scale of Salt Typhoon, combined with the absence of sustained bipartisan support for cyber security, could encourage new actors to target communications infrastructure.
At the same time, experts highlight a distinct challenge posed by AI itself: deployment is outpacing governance. Daniel notes that attackers have so far adopted AI more slowly than anticipated, but warns that this window may close rapidly, particularly in the realm of social engineering. Williams points to mounting pressure to deploy AI tools without fully understanding the risks across the entire technology stack, while Frascella criticizes regulatory approaches that leave gaps in accountability and transparency. Among the emerging threats he identifies are training-data poisoning, prompt injection, and widespread deficiencies in user preparedness.