Reinforce Fundamental Security Practices
As state and local governments adopt AI, they must return to cybersecurity basics and strengthen core principles to help build resilience and earn public trust.
For AI workloads, governments should apply zero-trust principles; for example, continuously verifying identities, limiting access by role and segmenting system components. Clear data policies for access, protection and backups help safeguard sensitive information and keep systems resilient. Perhaps most important, security teams need to be involved early in AI design conversations to build in security from the start.
Organizations that struggle with fundamental principles will find AI exposes security gaps quickly. The solution isn’t abandoning existing practices for something new; often, it’s reinforcing what already works.
Address AI-Specific Risks With Existing Tools
While foundational security is the starting point, protecting AI requires a holistic view of the entire ecosystem. AI systems are not monolithic; they consist of interconnected components, each with unique risks. Although AI workloads evolve rapidly, organizations don’t always need new tools. Many of their existing solutions remain effective when used in a multilayered defense.
Existing tools can be focused on addressing AI-specific risks. Think about using role-based access and auditing to protect training data sets from malicious data poisoning; securing AI model application programming interfaces with strong identity checks; and using anomaly detection to spot suspicious AI outputs.
As AI becomes more embedded in IT environments, the attack surface grows just as rapidly. AI-enhanced attacks can mimic behavior and evade traditional defenses. Staying ahead requires pairing advanced threat detection with rapid response capabilities. Modern systems use AI and machine learning to analyze behavior, detect anomalies and automate real-time responses. This feedback loop continuously improves threat intelligence.
Ultimately, an effective strategy must provide full-stack visibility to quickly detect and respond to threats.
READ MORE: States experiment security with AI sandboxes.
Maintain Human Oversight and Governance
As state and local governments deploy more sophisticated AI systems, it’s crucial to view the technology as a partner, not a replacement for human intelligence. There is a misconception that advanced AI — particularly agentic AI, which can make its own decisions — eliminates the need for human oversight. The truth is, responsible AI deployment hinges on human oversight and strong governance.
The more autonomous an AI system becomes, the more essential human governance is. Someone must set boundaries for what the system can and cannot do. Someone must monitor for drift or unexpected behavior. Someone must make judgment calls when issues arise.
This is especially critical in government, where mistakes don’t just create technical problems, they erode public trust.
Building a security-aware workforce is as important as foundational security principles and layered defenses. Often the first line of defense, employees must be able to recognize risks and play an active role in protecting systems, data and operations. Ongoing education, especially related to AI-specific threats such as deepfakes and highly targeted spear phishing scams, is a core security strategy.
But governance extends beyond training. To ensure the highest level of preparedness, decision-makers must plan as if a cyberattack is imminent and inevitable. A well-practiced incident response and recovery plan ensures continuity and resilience when system compromises occur. This readiness reinforces the importance of human judgment and leadership in navigating AI-related risks.
The goal is to create a human-machine partnership, where AI handles the scale and speed of data analysis, freeing human experts to focus on strategic response, threat hunting and critical decision-making. These practices not only mitigate risk but also build public trust, which is essential for any government initiative.
DISCOVER: State government employees overcome challenges to AI adoption.
Prepare Now for a Secure AI Future
Securing AI is not a one-time milestone. It’s an ongoing process of preparation and adaptation as the threat landscape evolves. For state and local governments advancing their AI initiatives, the path forward centers on building resilience and confidence. And the good news is, they don’t need to start from scratch. The tools and strategies already exist. What’s needed is an understanding of how AI systems introduce specific risks, how to adapt existing defenses to address those risks, and maintaining those defenses.
With a proactive, informed approach, state and local governments can deploy AI securely and effectively to serve their communities and realize its full potential.
