Government pilots AI for threat detection

- The Cybersecurity and Infrastructure Security Agency said its artificial-intelligence pilot found AI can help detect software flaws in federal networks, but not replace analysts.
- CISA tested AI vulnerability tools from late 2023 through early 2024 and said some required substantial analyst training for negligible gains.
- The push now sits inside broader federal AI rules and critical-infrastructure guidance. (cisa.gov)

Governments are already piloting artificial intelligence for cyber threat detection, but the clearest U.S. finding is that the software still works best with humans in the loop. (cisa.gov)

The Cybersecurity and Infrastructure Security Agency, or CISA, said on July 29, 2024 that it had completed an operational pilot using AI to help detect and remediate vulnerabilities in critical U.S. government software, systems, and networks. CISA ran the testing from late 2023 to early 2024. (cisa.gov)

The agency compared AI-enabled vulnerability detection products, including large language model tools, with products that did not use AI. It tested them in two settings: security assessments of federal partner networks and a controlled environment. (cisa.gov)

A vulnerability detector is software that hunts for weak spots before an attacker finds them, like checking every door and window in a building before a break-in. CISA said the strongest use today is to supplement existing tools, not replace them. (cisa.gov)

CISA also said some AI products were unpredictable and hard to troubleshoot. In some cases, analysts needed substantial time to learn the tools and got only negligible improvement in return. (cisa.gov)

That caution runs through the department’s broader AI program. The Department of Homeland Security says CISA uses AI to detect and analyze potential threats, flag unusual network activity, and identify patterns that could signal cyber risks to critical infrastructure. (dhs.gov 1) (dhs.gov 2)

One listed CISA use case is malware reverse engineering, where deep-learning systems help analysts triage malicious code and extract indicators of compromise. The inventory labels that use case as pre-deployment, not fully rolled out. (dhs.gov)

The federal policy backdrop has also shifted. Executive Order 14144, published January 17, 2025, said artificial intelligence can transform cyber defense by identifying vulnerabilities faster, scaling threat detection, and automating parts of cyber defense. (federalregister.gov)

At the same time, the Government Accountability Office said in September 2025 that federal agencies were operating under 94 government-wide AI requirements and 10 executive-branch oversight groups. That means new pilots now arrive with more reporting, review, and governance than earlier experiments did. (gao.gov)

The standards side is moving too. On April 7, 2026, the National Institute of Standards and Technology released a concept note for an Artificial Intelligence Risk Management Framework profile for trustworthy AI in critical infrastructure. (nist.gov)

CISA, the National Security Agency, the Federal Bureau of Investigation, and allied agencies also released guidance in late 2025 for using AI in operational technology, the systems that run physical infrastructure such as power, water, and factories. The guidance told operators to set governance rules and build in safety and security practices before wider deployment. (nsa.gov)

So the government story is not autonomous cyber defenders replacing security teams overnight. It is agencies testing AI on narrow detection tasks, finding real help in triage and pattern-finding, and building rules around tools that still produce false alarms and uneven results. (cisa.gov) (gao.gov)
