Overview
- Google confirmed in May 2026 that an AI system produced a zero-day exploit capable of bypassing two-factor authentication, turning theoretical AI threats into an operational risk.
- Since January 2025 CISA has lost roughly one-third of its workforce through buyouts and cuts and now faces proposed FY2026 budget reductions that would remove hundreds more positions.
- Agency sources say CISA has been pushed to a backseat role in the White House’s multi-agency AI response and it did not receive initial access to Anthropic’s Mythos while other agencies did.
- Cuts to stakeholder engagement teams and ISAC funding have weakened the agency’s threat-sharing networks, leaving smaller utilities, local governments and many crypto firms with less government-backed intelligence and classified context.
- CISA’s acting director has said the agency plans to hire more than 300 mission-critical staffers and a draft AI security order would give CISA a coordinating role on vulnerability management, but political uncertainty and leadership gaps leave its recovery uncertain.