CISA sidelined as White House scrambles on AI cyber threats

The U.S. government's lead civilian cyber agency is heading into the AI era with shrinking resources and a diminished role as Washington scrambles to assemble a multi-agency response to emerging AI cyber threats.Why it matters: Former officials and industry leaders fear the Cybersecurity and Infrastructure Security Agency no longer has the capacity to help utilities, banks and other critical infrastructure operators prepare for a coming wave of AI-fueled cyberattacks.The agency is at its weakest just when it's needed most, as the government braces for AI models like Anthropic's Mythos to supercharge cyberattacks.Created in 2018 during Trump's first administration, CISA oversees efforts to protect federal systems and U.S. critical infrastructure like the power grid and water utilities from hackers.Between the lines: CISA's sidelining started from the top. When President Trump hears CISA, he doesn't think of protecting chemical plants, telecom networks or hydroelectric dams, a source familiar with Trump's thinking told Axios.He thinks of some guy he'd never heard of making over-the-top claims about 2020 being the most secure election ever held, the source said, referring to former CISA director Chris Krebs.That frustration translated into sweeping staff and funding cuts and a diminished role for CISA in carrying out the second Trump administration's cyber agenda.Since the beginning of 2025, the agency has lost roughly a third of its workforce through buyouts and budget cuts. Trump's budget for next year proposed cutting as much as 707 million and another quarter of the staff — as many as 766 full-time employees.There may now be a U-turn underway, however. CISA's acting director recently told employees the agency plans to hire more than 300 new staffers for mission critical roles, according to Federal News Network.In the meantime, former officials and industry sources worry the cuts have left CISA poorly positioned to respond to AI-fueled hacking threats posed by advanced models. Starving CISA of personnel, resources and leadership in this high-stakes environment puts our homeland security and national defense at risk, Sen. Gary Peters (D-Mich.), ranking member on the Senate Homeland Security Committee, told Axios.Breaking it down: The agency never replaced its chief AI officer after she departed last year, and it did not receive initial access to Mythos even as other agencies did, as Axios previously reported.An industry source told Axios that while many employees remaining at the agency are experienced — including acting director Nick Andersen — the broad personnel cuts and uncertainty about the agency's future have made it harder for industry partners to know with whom to share threat intelligence.Employees also do not seem to be empowered to work with industry or coordinate across agencies in a way that they used to, the source added.Rather than preparing the roof when the skies are sunny, we're choosing to punch holes in it, the industry source said. Now, the storm has arrived.Zoom in: CISA has taken a backseat role in the administration's response to the hacking threats posed by Mythos and similar models, according to two sources familiar with the matter.Andersen participated in early calls led by the White House's Office of the National Cyber Director with tech and cybersecurity leaders about the implications of the models, but has not had much influence on the process, one source said.They're down resources, and they don't have leadership, the source continued. They don't really seem to have a big role here, which is crazy, when you think about their [mission]. Another industry source described the agency as at the table, not in the game as officials await clearer direction from the White House.CISA as a back seat with a focus on cybersecurity is probably the best that we can expect now, James Lewis, a former U.S. cyber diplomat and a fellow at the Center for European Policy Analysis, told Axios.Reality check: The most recent draft of the administration's AI security executive order — which was supposed to be signed Thursday, but was postponed — gave CISA a coordinating role on vulnerability management, according to a readout shared with Axios.Under the proposal, CISA — alongside the White House and National Security Agency — would help Treasury establish a clearinghouse for security vulnerabilities and remediation. That's a shift from the agency's current central role in identifying and warning about exploitable flaws.CISA did not respond to requests for comment.Threat level: In previous administrations, CISA would typically be expected to play a larger advisory role in White House cyber policy discussions, former officials told Axios.CISA should not be expected to sit back and wait to be given marching orders, Suzanne Spaulding, former DHS undersecretary who led the office that became CISA, told Axios. They need to be part of developing that plan, part of understanding the risk and figuring out how we address it.Michael Daniel, former White House cyber coordinator under President Obama, said CISA would normally help ground policymakers in how the cyber threat landscape is evolving and how industry is responding, but currently lacks the bench strength to be part of that conversation.Earlier this month, former CISA Director Jen Easterly called on CISA to be empowered to work with frontier AI labs, cloud providers, software vendors, critical infrastructure operators, and international partners to urgently find and fix the most consequential vulnerabilities in our infrastructure before they can be exploited by our adversaries. Yes, but: Some experts have questioned how effective CISA was at securing critical infrastructure even before the Trump administration's cuts.What to watch: Trump has yet to nominate a permanent CISA director after Sean Plankey withdrew from consideration earlier this year.