Chuck Brooks is the president of Brooks Consulting International and one of Executive Mosaic’s GovCon Experts.
Artificial intelligence is the defining technology race of the 21st century. It is not only about constructing bigger language models or spending billions on computing infrastructure anymore. It’s about building trust. It will be those governments that can both innovate quickly and also secure their AI systems from cyberattack that will create the future digital economy, national security and the next wave of technology leadership.
This strategic reality is reflected in the White House’s recent executive order on AI innovation and security. Its goals include accelerating AI innovation, enhancing the cybersecurity of federal information systems and allowing for the safe deployment of frontier AI models. More importantly, it recognizes a premise I have preached for years: cybersecurity is no longer a supporting function to digital transformation, but the foundation on which AI innovation rests.
The order sensibly rejects the false dichotomy of innovation versus regulation. Instead, it knows that secure AI is competitive AI. Countries that can build trusted AI ecosystems will have a permanent economic and geopolitical edge.
AI and Cybersecurity Are Merging Into One Strategic Discipline
Artificial intelligence is altering business, and it is transforming cybersecurity in the same way. Security operations centers are increasingly turning to AI to automate threat detection, accelerate incident response, find vulnerabilities and evaluate large volumes of information that would overwhelm human analysts.
Unfortunately, the same technologies are serving the adversaries. Nation-state actors and organized groups of cybercriminals today utilize AI to automate reconnaissance, produce polymorphic malware, run highly convincing phishing campaigns, write harmful code, exploit software vulnerabilities, and create deepfakes that can fuel fraud and disinformation.
The cybersecurity battleground is quickly becoming an AI-vs-AI conflict. Recognizing this trend, the executive order instructs the Committee on National Security Systems to expand federal projects that bolster AI-enabled cybersecurity. That’s more than an administrative action — it implies that artificial intelligence will increasingly become America’s cyber defense multiplier.
Success will not only demand that we deploy AI more quickly than our opponents, but also that we deploy it more securely.
Frontier Models Are Growing into Strategic National Assets
Among them, one of the order’s most important mandates is for the Departments of the Treasury and Defense, in consultation with the National Security Agency, to develop a process to evaluate the cybersecurity of designated frontier AI models and to establish mechanisms for developers to provide the government with early access for security evaluations. This is a key evolution of the national security policy.
Frontier AI models should increasingly be seen as critical national assets, along with advanced semiconductors, quantum technologies, satellite systems and sensitive defense capabilities. But safeguarding them poses whole new security problems.
How are organizations preventing theft of model weights? What about training data poisoning? How do they guard against it? How do they verify the quality of synthetic datasets? How to audit autonomous AI agents? How can companies detect model manipulation before it does operational damage?
The difficulties need cybersecurity disciplines that go far beyond typical network defense. Secure development techniques, model governance, continuous monitoring, zero trust architectures, identity-centric access controls, software supply chain security and resilience engineering should all be standard components of any company’s AI strategy.
AI Cybersecurity Clearinghouse Could Change the Game for National Resilience
One of the executive order’s more novel proposals is the establishment of an AI Cybersecurity Clearinghouse, to be led by the Department of the Treasury in collaboration with government agencies and the business sector. Well executed, this program could rank among the order’s most successful successes.
The current vulnerability ecosystem is fragmented. Organizations have a hard time prioritizing the thousands of Common Vulnerabilities and Exposures, or CVEs; coordinating software patching; and quickly sharing actionable threat intelligence. AI can make a huge difference to the process.
AI systems can correlate threat intelligence across many sources, detect exploit chains, prioritize vulnerabilities according to operational risk and automate remedial suggestions before attackers exploit holes. Equally significant, the Clearinghouse underlines a fact cybersecurity specialists have long understood: government alone cannot secure America’s digital infrastructure.
Most key infrastructure, including much of the innovation fueling AI, is owned and operated by industry, so public-private collaborations remain vital.
Identity Is the Trust Layer for AI
There is one area where corporations need to accelerate even more: identity security. When organizations start to use autonomous AI agents that can make decisions, access enterprise systems, write software, manage infrastructure and connect with customers, each AI agent is effectively a new digital identity. That identity needs to be validated, continuously monitored, managed and constrained by least-privilege access.
With weak identity governance, companies risk deploying millions of privileged autonomous entities that operate with minimal oversight. Identity is becoming the operating system of trusted AI in many ways. That’s why zero trust principles – “never trust, always verify” – need to grow to cover not only individuals and devices but also AI agents, models, APIs and machine identities.
Enterprise Risk Management, Now With AI Governance
One of the biggest virtues of the executive order is its implicit acknowledgment that AI governance is no longer simply an IT issue. Artificial intelligence is a risk management issue for the entire organization. Boards of directors should be regularly updated on AI governance and cyber resilience. Executive leadership should integrate AI supervision into wider organizational risk management programs that address cybersecurity, privacy, operational resilience, intellectual property, compliance, ethics and business continuity.
Organizations are encouraged to align these activities with the NIST AI Risk Management Framework, the NIST Cybersecurity Framework 2.0, the Secure by Design principles and the zero trust architecture recommendations. Governance cannot be yet another annual compliance effort. It must constantly evolve as AI systems become more autonomous and sophisticated.
What Is Still Missing?
The executive order is a good first step, but it should be considered a foundation, not a final blueprint. More emphasis should be given to several key areas.
First, AI identity governance should be a national priority. With the proliferation of agentic AI, machine identities will soon outweigh human identities by orders of magnitude. Strong authentication, credential lifecycle management, restricted access controls and continuous behavioral monitoring for AI agents should be common practice.
Second, post-quantum cryptography warrants far more urgency. AI and quantum computing are evolving in tandem, and together they will transform cybersecurity. Organizations that use AI at scale should already be prepared for cryptographic upgrades. Waiting for “Q-day” is not a plan. Thankfully, the two new White House executive orders have recognized this reality and emphasized the need for quantum security.
Third, legislators should prioritize AI software supply chain security. Software Bills of Materials, or SBOMs, have enhanced software transparency, but AI introduces additional dependencies, including training data, pretrained models, inference engines, APIs, plugins and model weights. Developing transparency frameworks or AI Bills of Materials could greatly enhance trust in the AI ecosystem.
Fourth, the executive order should emphasize the resilience of essential infrastructure. Energy grids, healthcare systems, transportation networks, water utilities, financial institutions and space systems increasingly depend on AI-enabled technology. Their security requires sector-specific instructions, rigorous testing, and ongoing engagement between operators and government.
Finally, there is a dilemma facing America that is as vital as the technology itself, and that technology cannot solve: building the workforce to safeguard AI. We need many more people with professional skills in cybersecurity, AI engineering, cloud computing, quantum technologies, data governance and risk management. The United States will need to keep investing in education, workforce development and public-private research partnerships if it is to remain a leader over the long run.
The executive order is a significant milestone because it understands that innovation and cybersecurity are not competing goals – they are mutually reinforcing. But success will be in the implementation. There are ambitious plans to establish the AI Cybersecurity Clearinghouse, assess frontier models, expand AI-enabled cyber protection and strengthen enforcement against AI-enabled crime. Success will require continuous investment, efficient interagency coordination, a tight partnership with industry, and continued engagement with academia and foreign allies.
The pace of AI innovation leaves little room for delay. Frontier models get more capable, AI agents get more autonomous and cyberthreats get more sophisticated every month. Security cannot be an afterthought post-deployment. It has to be a fundamental design principle. Ultimately, America’s leadership in artificial intelligence will be determined not just by how swiftly it innovates, but by how safely and responsibly it does so.
In the age of AI, cybersecurity involves more than just technical protection. It is preserving economic competitiveness, national security, public trust and the future of artificial intelligence itself.


















