Artificial Intelligence
The security challenges associated with AI parallel cybersecurity challenges associated with previous generations of software that manufacturers did not build to be secure by design, putting the burden of security on the customer. Although AI software systems might differ from traditional forms of software, fundamental security practices still apply.
As the nation’s cyber defense agency and the national coordinator for critical infrastructure security and resilience, CISA will play a key role in addressing and managing risks at the nexus of AI, cybersecurity, and critical infrastructure.
CISA’s Roadmap for Artificial Intelligence
CISA has developed a Roadmap for Artificial Intelligence, which is a whole-of-agency plan aligned with national AI strategy, to address our efforts to: promote the beneficial uses of AI to enhance cybersecurity capabilities, ensure AI systems are protected from cyber-based threats, and deter the malicious use of AI capabilities to threaten the critical infrastructure Americans rely on every day.
CISA will implement the Roadmap through five lines of effort:
CISA will use AI-enabled software tools to strengthen cyber defense and support its critical infrastructure mission. CISA’s adoption of AI will ensure responsible, ethical, and safe use—consistent with the Constitution and all applicable laws and policies, including those addressing federal procurement, privacy, civil rights, and civil liberties.
CISA will assess and assist secure by design, AI-based software adoption across a diverse array of stakeholders, including federal civilian government agencies; private sector companies; and state, local, tribal, and territorial (SLTT) governments through the development of best practices and guidance for secure and resilient AI software development and implementation.
CISA will assess and recommend mitigation of AI threats facing our nation’s critical infrastructure in partnership with other government agencies and industry partners that develop, test, and evaluate AI tools.
CISA will contribute to DHS-led and interagency processes on AI-enabled software. This LOE includes developing policy approaches for the U.S. government’s overall national strategy on AI and supporting a whole-of-DHS approach on AI-based-software policy issues. This LOE also includes coordinating with international partners to advance global AI security best practices and principles.
CISA will continue to educate our workforce on AI software systems and techniques, and the agency will continue to actively recruit interns, fellows, and future employees with AI expertise. CISA will ensure that internal training reflects—and new recruits understand—the legal, ethical, and policy aspects of AI-based software systems in addition to the technical aspects.
Featured Content
Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure
Discover DHS's groundbreaking guidance on advancing responsible AI use in America’s critical infrastructure, developed collaboratively with experts across the AI supply chain.
Joint Cyber Defense Collaborative Artificial Intelligence Cyber Tabletop Exercise
On June 13, 2024, CISA conducted the federal government's inaugural tabletop exercise with the private sector focused on effective and coordinated responses to artificial intelligence security incidents.
Pilot for Artificial Intelligence Enabled Vulnerability Detection Fact Sheet
CISA, on behalf of DHS, conducted a pilot project using artificial intelligence capabilities to detect and remediate vulnerabilities in critical U.S. government software, systems, and networks.
CISA's Roadmap for AI
CISA's whole-of-agency plan to: promote the beneficial uses of AI to enhance cybersecurity capabilities, ensure AI systems are protected from cyber-based threats, and deter the malicious use of AI capabilities to threaten critical infrastructure.
Frequently Asked Questions on CISA’s Roadmap for Artificial Intelligence
Get answers to frequently asked questions about artificial intelligence and CISA's Roadmap for AI.
DHS Safety and Security Guidelines for Critical Infrastructure Owners and Operators
The U.S. Department of Homeland Security was tasked to develop safety and security guidelines for use by critical infrastructure owners and operators.
AI Publications and Use Cases
CISA and Joint-Seal AI Publications
View key publications and guidance that tie to CISA’s AI mission.
Partner AI Publications
View key publications from our partners at DHS, across the federal government, and internationally.
CISA AI Use Cases
See how CISA is using AI responsibly to improve its services and cybersecurity on several fronts, while maintaining privacy and civil liberties.
Improving AI Resilience
Secure by Design
It's time to build cybersecurity into the design and manufacture of technology products. Find out here what it means to be secure by design.
Open Source Software Security
Open source software is part of the foundation of the digital infrastructure we all rely upon. Find out here how CISA is working to help secure it.
Cross-Sector Cybersecurity Performance Goals
A common set of protections that all critical infrastructure entities - from large to small - should implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques.
Shields Up
As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks.
Shields Ready
As the National Coordinator for critical infrastructure security and resilience, CISA stands ready to help America prepare for and adapt to changing risk conditions and withstand and recover rapidly from potential disruptions, regardless of cause.
Secure Our World
Secure Our World is a cybersecurity awareness program aimed at educating individuals and businesses on four easy ways to stay safe online.
Blogs
AI Red Teaming: Applying Software TEVV for AI Evaluations
Discover how AI red teaming fits into proven software evaluation frameworks to enhance safety and security.
Blog: With Open Source Artificial Intelligence, Don’t Forget the Lessons of Open Source Software
CISA highlights its recent work in Open Source Artificial Intelligence.