axios.com web signal

CISA cuts expose US at peak AI hacking threat

Key insights

  • CISA has lost roughly one-third of its workforce since 2025 through buyouts and budget cuts under the Trump administration.
  • Anthropic's Mythos model is enabling adversaries to automate exploit generation and scale offensive cyber operations at unprecedented speed.
  • Trump's proposed budget would eliminate an additional $707 million and 766 CISA positions, compounding existing structural damage.

Why this matters

AI-enabled offensive capabilities are now outpacing the institutional infrastructure designed to defend against them, and the gap is widening at exactly the wrong moment. CISA's degradation sets a precedent for how budget politics interact with emerging technology risk: cuts made for fiscal or political reasons create security vulnerabilities that take years to rebuild, long after the original decision is forgotten. For AI practitioners and technical leaders, this is a signal that national-scale cyber defense is becoming a constraint on what can be safely deployed, as infrastructure relying on public-sector threat response now operates on shaky institutional ground.

Summary

CISA has shed roughly a third of its workforce since 2025 through buyouts and budget cuts, leaving the agency at its weakest staffing level in years. AI models like Anthropic's Mythos give adversaries automated exploit generation and scaled phishing that didn't exist two years ago. The agency built to coordinate US cyber defense is now critically understaffed.

Essentially: (CISA, White House) national cyber defense is being cut as AI-enabled attacks accelerate.

  • Trump's budget would cut another $707M and 766 positions on top of existing losses.
  • CISA's acting director plans 300+ new hires for critical roles, but prior structural damage can't be reversed quickly.

The weakest CISA in a decade faces the strongest AI-enabled offense ever deployed.

Potential risks and opportunities

Risks

  • If CISA cannot rebuild analytical capacity before the next major AI-assisted state-sponsored attack, critical infrastructure operators in utilities, hospitals, and financial services face delayed federal incident response and attribution support.
  • The 300+ planned hires could take 12-18 months to onboard and obtain security clearances, leaving a window where reduced CISA staff faces increasing AI-powered threat volume with no near-term headcount relief.
  • Adversary groups including Chinese APTs and Russian GRU-linked actors can calibrate attack timing using public reporting about CISA's weakened state, knowing federal coordination will be slower and less effective.

Opportunities

  • Private-sector cyber firms including CrowdStrike, Palo Alto Networks, and Google Mandiant are positioned to win expanded federal contracts as CISA outsources more threat intelligence and incident response work.
  • AI security startups focused on automated vulnerability detection, including Protect AI, HiddenLayer, and Robust Intelligence, can build stronger government procurement cases as in-house CISA capacity shrinks.
  • Defense contractors with existing federal cyber clearances, including Booz Allen Hamilton, Leidos, and SAIC, gain pricing leverage on expanded CISA support contracts as internal agency capabilities decline.

What we don't know yet

  • Whether Anthropic's Mythos capabilities have been formally assessed by any remaining federal cybersecurity analysts, or cited only anecdotally by former officials in this reporting.
  • Specific breakdown of which 300+ mission-critical roles CISA plans to fill and whether any target AI-specific offensive threat detection.
  • Timeline for when Trump's proposed $707M cut would take effect and whether Congress has signaled any opposition to the additional staffing reductions.