The federal agency charged with protecting the nation's digital defenses is operating with a reduced capacity after budget cuts, a gap that is making critical infrastructure and smaller digital platforms more vulnerable to increasingly sophisticated AI-driven cyberattacks, according to internal assessments and cybersecurity officials.
What the budget cuts mean for CISA's operations
The Cybersecurity and Infrastructure Security Agency has seen its funding trimmed this fiscal year, forcing it to scale back monitoring, threat-hunting, and incident response teams. The cuts come at a time when attackers are using machine learning to automate phishing campaigns, rapidly exploit software flaws, and evade traditional detection tools. Smaller firms and local government networks—already under-resourced—are feeling the strain most acutely.
Without the same level of real-time visibility and rapid response CISA once provided, these entities are left to fend off attacks that now adapt faster than many in-house teams can track. One official described the situation as a widening gap between the speed of AI-powered threats and the agency's ability to warn or assist.
AI-driven attacks on the rise
Attackers are not just using AI to write better phishing emails. They are deploying generative models to create convincing deepfake audio and video for social engineering, automate vulnerability scanning at scale, and tailor malware that changes its code to avoid signature-based defenses. The Department of Homeland Security's inspector general recently noted an uptick in such incidents targeting energy grids and water systems.
Critical infrastructure operators—power plants, pipelines, hospitals—rely on CISA for threat intelligence and coordinated response plans. With fewer analysts, the agency has had to prioritize alerts, leaving some smaller utilities and regional transit authorities without timely warnings about emerging tactics.
Smaller digital platforms left exposed
Small and medium-sized businesses, which often lack dedicated security teams, have depended on CISA's free scanning tools and best-practice guides. Budget constraints have delayed updates to those tools and reduced the frequency of outreach workshops. Meanwhile, ransomware gangs and state-backed groups are using AI to identify and strike the weakest links.
A recent advisory from the Multi-State Information Sharing and Analysis Center, which works closely with CISA, warned that AI-powered attacks are hitting municipal websites and local school districts at a pace that outstrips the support available.
What comes next
The agency is seeking supplemental funding in the next budget cycle, but the timeline is uncertain. Until then, operators of critical infrastructure and small digital platforms are being urged to patch known vulnerabilities quickly and to implement multi-factor authentication wherever possible. Whether that will be enough to close the window that AI-driven attackers now exploit is an open question—one that lawmakers are expected to take up in oversight hearings next month.
