
Apr 07 2026
Security

How Cyber Resilience Helps Governments Harness AI Infrastructure

Threat actors find new avenues of attack when governments adopt artificial intelligence.

The artificial intelligence boom represents more than a tech trend. It’s a national resilience issue. As agencies race to harness AI capabilities, the underlying infrastructure is accelerating faster than existing security frameworks can handle.

For government IT leaders navigating budget constraints and legacy systems, this creates a perfect storm: expanded attack surfaces, strained resources and adversaries exploiting the same basic vulnerabilities that have always worked.

The challenge isn't just securing new technology. It's ensuring that in our rush to modernize, we don't leave the front door unlocked.


Why AI Infrastructure Is a Cybersecurity Problem Now

AI infrastructure expansion is forcing critical systems, particularly the power grid, to adapt rapidly, causing attack surfaces to expand dramatically. While many organizations deploy AI for cyber defense, critical gaps remain in threat detection and real-time monitoring. For government agencies facing sophisticated nation-state adversaries, two specific challenges have emerged.

  1. Grid Strain and Expanded Attack Surface

Massive AI and data center workloads require new substations, interconnections and control systems. More third-party operators must be integrated, and the use of digital grid-management tools, such as Distributed Energy Resource Management Systems, increases substantially. Each new endpoint, credential and software dependency creates pathways for attackers to exploit, pathways not covered by existing security architectures.

  2. The Reliability-Security Tension

AI workloads demand high availability, but when power capacity is constrained, uptime becomes the dominant priority. Security controls that introduce friction (multifactor authentication, network segmentation, maintenance windows) often get delayed or bypassed to keep systems operational. This creates exactly the openings that sophisticated threat actors seek.


Three Common Failures Threat Actors Use to Their Advantage

Recent alerts from the Cybersecurity and Infrastructure Security Agency (CISA) document nation-state actors conducting reconnaissance against critical infrastructure, exploiting fundamental security gaps. The scramble to keep pace with AI demands often leaves basic safeguards unchecked. Attackers don't need new tactics; they're getting in the same ways they always have. In fact, vulnerability exploitation as an initial access point for threat actors increased by 34% in 2025.

Examples include:

  1. Weak or inconsistent authentication: Agencies deploy new systems to support AI workloads, but authentication protocols aren't always updated in parallel. Attackers target recent deployments because they’re more likely to have MFA gaps or default configurations that haven’t been hardened.
  2. Third-party vulnerabilities and access sprawl: AI infrastructure expansion involves multiple vendors and contractors. When third parties maintain persistent access without proper identity management, attackers leverage phishing campaigns to obtain legitimate credentials for long-term persistence. Consistent with CISA's Zero Trust Maturity Model, agencies must treat third-party access as inherently high-risk.
  3. Limited behavioral insights and slow detections: Without behavioral baselines, identifying anomalies becomes nearly impossible. The challenge is amplified in AI environments, where “normal” may include unusual access patterns and high-volume data transfers that would typically trigger alerts.


Resilience in Action: Fix the Basics To Reduce Risk

The path to resilience requires consistent application of proven security fundamentals, aligned with foundations such as the National Institute of Standards and Technology's Cybersecurity Framework.

Start with strengthening authentication and identity controls.

  • Enforce MFA across all systems, especially for remote access and administrative accounts.
  • Conduct regular audits to remove inactive credentials and eliminate shared accounts.
  • Apply least privilege and just-in-time access principles.
  • Implement phishing-resistant MFA (hardware tokens, biometrics) for critical systems.

Monitor activity to detect abnormal behaviors.

  • Track login anomalies: unusual hours, new devices, impossible travel scenarios.
  • Flag suspicious email activity such as unusual mailbox rules or auto-forwarding.
  • Establish behavioral baselines for operators, engineers and vendors.
  • Leverage AI and machine learning specifically for anomaly detection.
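
A minimal sketch of the login-anomaly tracking listed above, added here as an illustration and not taken from CISA, NIST or any vendor tooling. It builds a per-account baseline from past logins and flags new devices, unusual hours and impossible travel; the event fields, account names, coordinates and the 900 km/h and 50 km thresholds are assumptions, and timestamps are assumed to be UTC.

```python
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900  # assumed ceiling on plausible travel speed (about airliner cruise)
MIN_KM = 50    # assumed tolerance for geolocation jitter within one metro area

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def detect(history, new_events):
    """Return (user, ts, reasons) for each new login that deviates from the baseline."""
    base = defaultdict(lambda: {"devices": set(), "hours": set()})
    last = {}  # most recent login per account, used for the travel check
    for e in sorted(history, key=lambda e: e["ts"]):
        base[e["user"]]["devices"].add(e["device"])
        base[e["user"]]["hours"].add(datetime.fromisoformat(e["ts"]).hour)
        last[e["user"]] = e
    alerts = []
    for e in sorted(new_events, key=lambda e: e["ts"]):
        t, prof, reasons = datetime.fromisoformat(e["ts"]), base[e["user"]], []
        if e["device"] not in prof["devices"]:
            reasons.append("new_device")
        if t.hour not in prof["hours"]:
            reasons.append("unusual_hour")
        prev = last.get(e["user"])
        if prev:
            hours = (t - datetime.fromisoformat(prev["ts"])).total_seconds() / 3600
            dist = km_between(prev["geo"], e["geo"])
            if dist > MIN_KM and dist > MAX_KMH * hours:
                reasons.append("impossible_travel")
        if reasons:
            alerts.append((e["user"], e["ts"], reasons))
        last[e["user"]] = e
    return alerts

# Constructed sample data (hypothetical accounts, devices and locations).
DEN, SIN = (39.74, -104.99), (1.35, 103.82)
def ev(user, ts, device, geo):
    return {"user": user, "ts": ts, "device": device, "geo": geo}
HISTORY = [ev("vendor_a", "2026-03-02T15:00:00", "laptop-1", DEN),
           ev("vendor_a", "2026-03-03T16:00:00", "laptop-1", DEN),
           ev("operator_b", "2026-03-02T13:00:00", "ws-7", DEN),
           ev("operator_b", "2026-03-03T14:00:00", "ws-7", DEN)]
NEW = [ev("vendor_a", "2026-03-04T15:10:00", "laptop-1", DEN),
       ev("vendor_a", "2026-03-04T16:10:00", "unknown-9", SIN),
       ev("operator_b", "2026-03-05T03:00:00", "ws-7", DEN)]
```

An account with no history has an empty baseline, so its first login is reported as both a new device and an unusual hour.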

Protect trusted channels.

  • Add verification steps to communication platforms for high-risk actions.
  • Require out-of-band validation for changes to financial processes, system configurations or access permissions.
  • Maintain enhanced monitoring of all third-party access.

 

Expect Critical Infrastructure To Remain a Target

As AI adoption accelerates, adversaries will continue to view critical infrastructure as a strategic target. Nation-state actors recognize that disrupting power, water and communications systems creates cascading effects far beyond the initial compromise.

Building true resilience requires sustained commitment to robust identity security, comprehensive operational visibility and layered protection of trusted channels. The right controls, consistently applied, will significantly reduce the likelihood that minor security gaps become major operational disruptions.

For government agencies, the question isn't whether to invest in AI infrastructure security; it's whether we can afford not to. The technology is here, the threat actors are probing for weaknesses and the cost of a successful attack would far exceed the investment required to prevent it.

The time to close the everyday gaps is now, before they become tomorrow's headlines.

Asia-Pacific Images Studio/Getty Images