Building government resilience in an era of AI-driven cyberattacks
Understanding the AI threat landscape
AI-driven attacks are extremely difficult to defend against due to their velocity, frequency and unpredictability. Attackers can shape outcomes, undermine trust and prepare the cyber battlespace long before any overt disruption occurs. These attackers are quickly and quietly compromising the datasets that support critical government decision-making, operations and infrastructure.
State‑linked groups like Salt Typhoon exemplify this shift by focusing on long‑term, covert access rather than quick, noisy wins. During these hacks, as we saw with the Anthropic hack in September 2025, AI agents blend in with normal traffic, automate reconnaissance and identify the weakest links across government environments. As a result, it’s easier for adversaries to stay hidden for months or years.
When AI-driven attacks target critical infrastructure, such as energy grids and telecommunications networks, the risk extends far beyond data theft. Persistent access allows attackers to corrupt or delay critical information, disrupt services during a crisis and put at risk the very infrastructure that military, civilian agencies and the public depend on.
A small, incremental enhancement, like those seen in recent years, will have no meaningful impact against AI-driven attacks. We need a major leap forward, an evolutionary advancement that can be continuously and rapidly improved as part of a new approach. Acquisition and program execution must also adapt to this new normal if the government hopes to secure its future.
The question now is how governments should respond.
Prioritizing the recovery-is-strength approach
Cyber recovery is becoming the clearest test of strength as AI‑driven cyberattacks and espionage operations increasingly target government data, systems and critical infrastructure. No defense stack is perfect, but the capacity to restore critical services quickly after these attacks is what defines resilience in the era of emerging technology.
To start, governments should prioritize the four core principles of cyber resilience: anticipate, withstand, recover and adapt. These principles represent a continuous cycle of defense and improvement. For instance, organizations must anticipate cyber threats through proactive risk assessment and threat intelligence. Organizations can also use these principles to withstand attacks by maintaining robust security controls and resilient infrastructure for operational continuity.
After an attack, they should follow these principles to recover and restore critical functions and minimize disruption. Finally, organizations can adapt by learning from each incident, strengthening defenses and evolving strategies to address emerging risks like AI.
Strategies should also include:
AI-augmented defense and testing
- Security teams should use AI defense tactics by applying Zero Trust to models, data, agents and infrastructure. Using continuous monitoring, anomaly detection, red-teaming and governance are all essential components to prevent data poisoning, abuse and espionage.
- They should equip the government workforce to recognize and resist manipulation, making social‑engineering awareness and counter‑influence training a core competency.
AI as a living architectural foundation
- Security teams should treat AI models as foundational to their long‑term architecture, allowing them to view these models as living systems that learn and must be tuned and governed.
- These models should also not be static tools at deployment but adaptive capabilities that evolve with AI‑driven threats.
Recovery-centric resilience
- Security teams can strengthen their IT environments and missions by enabling active recovery and routine testing of recovery plans using emerging technologies, including cloud‑based recovery environments.
- With these capabilities, security teams can restore networks in a secure, clean environment, validate data, pinpoint where the attack began and fully isolate the threat. As such, teams can avoid scenarios where systems are restored only to be re-encrypted the next day.
Turning legacy backups into fast recovery
- Government CISOs should conduct threat hunting against legacy backups and run detections and security operations from AI-driven recovery capabilities.
- Governments can neutralize AI-driven threats by combining immutable backups with rapid-recovery playbooks. By learning from every incident, agencies move beyond simple defense, embedding cyber resilience into the heart of mission operations and public service protection.
Ultimately, adversaries have no constraints. Social engineering, vulnerability analysis, writing exploits and spear phishing are outpacing defenders’ ability to be successful with AI in the near term. The motive of the cyber adversary has prevented more catastrophic attacks from happening because a human has been in the loop. Adversarial use of AI will remove the human-in-the-loop, which will lead to an increase in disruptive, destructive attacks since AI doesn't fear attribution or retaliation.
In the AI era, cyber strength will be measured not only by how well governments prevent or withstand attacks, but also by how swiftly they can innovate, operationalize new capabilities, detect, withstand, recover and adapt from them.
The views expressed in this article are those of the author and do not necessarily reflect the official policy or position of Rubrik. These views are for informational purposes only and do not constitute business or legal advice. Organizations should consult with legal and compliance professionals to ensure their cybersecurity strategies meet all applicable federal, state and international requirements.
]]>