The White House AI Action Plan: A Critical Opportunity to Secure the Future

AI without built-in cybersecurity remains a liability. The AI Action Plan presents a pivotal opportunity to get this right by emphasizing a secure-by-design approach.

The White House’s newly released AI Action Plan and series of executive orders advances a comprehensive national AI strategy, which includes secure and reliable use of AI. As AI is increasingly integrated into critical infrastructure and decision-making systems, one thing must remain clear: cybersecurity can't be an afterthought.

At Tenable, we welcome the Administration’s commitment to advancing AI innovation, and we agree that AI without built-in cybersecurity remains a liability. Just like traditional software, AI systems and models are vulnerable to exposure, manipulation and attack, and threat actors have already taken great interest in this rapidly emerging segment of the attack surface. Therefore, we must ensure that all AI technology — whether used by federal, state, local or industry — is secure. The AI Action Plan includes several recommendations to advance security principles within AI.

The Action Plan calls for the promotion of secure-by-design AI technologies and applications. Secure by Design should be embedded into every layer of the AI lifecycle, from model development to deployment. This includes rigorous vulnerability assessments, third-party risk management and real-time monitoring of AI behavior. These safeguards must evolve alongside the technology itself.

The Action plan also recommends the establishment of an AI Information Sharing and Analysis Center (AI-ISAC). Sharing cyber threat information is an important aspect of securing AI systems and protecting against AI threats. This will enable government, industry and academic stakeholders to collaborate on threat intelligence, best practices and rapid response strategies tailored to AI-specific risks. However, any establishment of a new ISAC should ensure coordination and alignment with other industry-based ISACs.

Lastly, the Action Plan suggests the Department of Homeland Security issue guidance to the private sector on remediating and responding to AI-specific vulnerabilities and threats. It also recommends the modification of the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Incident and Vulnerability Response Playbooks to incorporate considerations of AI systems. Organizations need visibility into what AI systems are deployed across their environments and how those systems are being used. Therefore, they must apply the same exposure management practices to AI that they’re using to reduce cyber risk today. This means discovering AI tools and components, assessing them for exposures and prioritizing response based on business impact and exploitability. AI cannot become a blind spot in enterprise risk management.

We strongly urge policymakers to treat cybersecurity in AI systems as a shared responsibility. Tenable supports initiatives to ensure private and public entities at all levels, and in particular state and local governments, have access to the tools and resources required to prevent and mitigate AI threats. Our adversaries are both attacking and weaponizing AI, and we must be prepared to counter with proactive, exposure management approaches.

The AI Action Plan presents a pivotal opportunity to drive innovation in AI while also taking the necessary steps to secure these systems. Focusing efforts on enabling AI-related cyber threat information sharing, building in security from the start and managing exposures across the AI attack surface will serve to dramatically improve AI cybersecurity. By investing in cyber preparedness now, we can ensure AI innovation advances not only with speed, but with resilience and trust.