CISA leadership and access gaps

Sean Plankey’s withdrawal leaves the Cybersecurity and Infrastructure Security Agency without a Senate-confirmed leader as budget and staffing fights deepen. (cyberscoop.com) Plankey asked President Donald Trump on April 22 to remove his nomination after 13 months, writing that “the Senate will not confirm me.” His nomination had been stalled by multiple Senate holds, including one from Sen. Rick Scott over a Coast Guard contract dispute unrelated to cybersecurity. (cyberscoop.com) CISA has cycled through acting leaders while Plankey waited. CyberScoop reported that Bridget Bean and then Madhu Gottumukkala served in the role, and that Nick Andersen is now acting director. (cyberscoop.com) The agency is also shrinking. The White House’s fiscal 2027 budget proposes cutting CISA by $707 million, and Cybersecurity Dive said that equals roughly 30% of its fiscal 2025 budget of $2.4 billion. (cybersecuritydive.com) (whitehouse.gov) The staffing math has been moving in the same direction since last year. Federal News Network reported in May 2025 that the administration’s fiscal 2026 request would reduce CISA from about 3,732 funded positions to 2,649, a cut of more than 1,000 jobs. (federalnewsnetwork.com) Cybersecurity Dive reported this month that CISA has already lost one-third of its workforce, including key employees and partnership staff. The same report said the administration wants to eliminate the Stakeholder Engagement Division and move only one of its four subdivisions elsewhere inside the agency. (cybersecuritydive.com) At the same time, a new cyber-focused artificial intelligence system is reaching some parts of government without reaching CISA. Axios reported on April 21 that CISA was not among the more than 40 organizations with access to Anthropic’s Mythos Preview, even though some other federal agencies were using it. (axios.com) Anthropic announced Mythos Preview on April 7 as a restricted-release model built for cybersecurity work, saying it would not be opened to the public. Anthropic said the model is aimed at identifying software weaknesses and other security flaws. (red.anthropic.com) (cnbc.com) The Verge reported on April 23 that the mismatch has become a live question inside Washington: the federal agency that coordinates civilian cyber defense is outside an early rollout that has reached other agencies. Axios said CISA’s exclusion came as industries it works with are weighing how to handle AI-driven cyber threats. (theverge.com) (axios.com) The administration says the cuts are a mission reset, not a retreat. The White House budget says it would “refocus” CISA on federal network defense and critical infrastructure protection, while critics cited by Cybersecurity Dive say the reductions would strip out staff and outside-facing programs the agency uses to work with states, companies and other partners. (whitehouse.gov) (cybersecuritydive.com) For now, CISA is trying to navigate all three pressures at once: no confirmed director, fewer people, and no reported access to a closely held AI security tool that other agencies already have. Congress still has to act on the budget, and the White House still has to decide whom to nominate next. (cyberscoop.com) (whitehouse.gov)