A group of tech and business trade associations is urging the federal government to be more aggressive in addressing the gathering tide of cybersecurity risks that rapid advancements in AI are creating, noting that while the White House’s cyber strategy for the country shows an understanding of the threats, more concrete steps need to be made.

In a joint open letter published this week, the groups set forth a dozen steps the White House and Congress need to take in light of the ongoing development of such technologies as agentic AI and frontier models and their use by nation-state and financially motivated threat groups.

The associations wrote that result of such advancements “is a rapidly changing threat environment in which longstanding assumptions, particularly about the speed of attack cycles, the scale of vulnerability discovery, and the integrity of the software supply chain no longer hold. On the other hand, in the medium- and long-term, these technologies should help create a more secure and resilient digital ecosystem that can continue to strengthen American businesses and improve the lives of citizens.”

The letter was signed by the Alliance for Chemical Distribution, American Fintech Council, Business Software Alliance, Cybersecurity Coalition, and Cyber Threat Alliance.

In addition, the Electronic Transactions Association, Healthcare Leadership Council, Independent Community Bankers of America, National Electrical Manufacturers Association, and TechNet also signed on.

National Cyber Strategy Only a Start

The groups noted the Trump Administration’s Cyber Strategy for America, a high-level, six-page document issued by the White House in March. The paper listed sustaining the country’s superiority in critical and emerging technologies as one of six pillars of the strategy. In two paragraphs, the Administration touched on quantum computing, cryptocurrencies, and blockchain, and added the use of “AI-enabled cyber tools to detect, divert, and deceive threat actors. We will rapidly adopt and promote agentic AI in ways that securely scale network defense and disruption. … We will secure the data, infrastructure, and models that underpin U.S. leadership in AI.”

The associations wrote that “the strategic direction is well-suited to the threat environment now emerging. But today’s rapidly evolving environment also requires a framework specifically tailored to AI-accelerated cyber risk, the secure deployment of agentic AI systems, and the resilience of the software and digital infrastructure on which the Nation depends.”

They talked about the rise of frontier models, like Anthropic’s Mythos, which is exceptional at detecting and identifying software vulnerabilities and just as adept at creating exploits for those flaws, making threat actors’ work easier and outpacing the patching, incident response, disclosure, and risk management processes of defenders.

Support Public-Private Partnership

They applauded efforts by frontier model vendors to promote collaboration through such efforts as Anthropic’s Project Glasswing and urged the federal government – as one of their recommendations – to work more closely with AI companies to promote developing, testing, and deployment methods to protect the country against advanced AI threats.

In addition, the groups bemoaned the shuttering last year of the Critical Infrastructure Partnership Advisory Council (CIPAC), a public-private coordination framework that was under the auspices of CISA. The U.S. Department of Homeland Security (DHS), early this year, reportedly was putting the final touches on CPIC’s replacement, the Alliance of National Councils for Homeland Operational Resilience (ANCHOR), but few details about the group are public.

Building back up such public-private coordination, including leveraging and modernizing the CIPAC framework, was among the associations’ 12 proposals. Similarly, the group is asking that the Administration work with Congress to reauthorize the Cybersecurity Information Sharing Act of 2015, which was allowed to expire last year.

“These frameworks help private sector organizations share and continuously monitor cybersecurity threats that help protect the government, businesses, and the American people,” they wrote.

Modernization a Key

Other proposals outlined include adopting AI-driven cybersecurity and modernizing security operations, using existing resources and accelerating ways to address gaps in security being created by the innovation in AI, and running an assessment of AI-related security risks and opportunities at the national level.

In addition, federal agencies should modernize their cybersecurity and resilience risk management plans, push for an AI-ready workforce, streamline regulations, and eliminate unnecessary ones, starting with cyber incident reporting, partner with Congress to reauthorize frameworks for information sharing between the government and private sector, and work with international allies.

The government also should invest in the Common Vulnerabilities and Exposures (CVE) ecosystem. NIST, the federal agency that for years tracked, analyzed, and cataloged such security flaws, has been overwhelmed by the flood of vulnerabilities being submitted and has had to limit the work it can do in response.

The letter comes as the cybersecurity industry has struggled with some of the moves the Trump Administration has made. Those include broad job cuts at CISA and other federal security agencies and proposals for deep budget cuts to the agency – including a $707 million cut this year – that have so far been held off by Congress, even as evidence grows that threat groups linked to foreign adversaries like China and Iran have made inroads into government and private networks for cyberespionage and service disruption campaigns.

Recent Articles By Author

• Ex-IBM Exec Accuses Big Blue and AT&T of Covering Up Foreign Data Breaches
• Meta, Microsoft, DOJ, and Others Disrupt Southeast Asia Scam Compounds
• Anxious Security Pros Watch as Anthropic, OpenAI Expand Access to Frontier AI Models

More from Jeffrey Burt