Q&A: Why State and Local Agencies Must Address Technical Debt as the AI Era Accelerates

STATETECH: Technical debt is often framed as a budget issue, but you’ve described it as a growing security and innovation risk. How should state and local leaders rethink technical debt in 2026?

STEELE: Technical debt refers to the IT vulnerabilities and organizational liabilities that result from outdated or near end-of-life technology systems, equipment and infrastructure. This equipment can no longer be supported by vendors with patches or software updates. Like any debt, the more you ignore it, the more it grows.

State and local leaders can move beyond seeing technical debt as just a budget line item and instead treat it as a compounding security risk and a major barrier to innovation, especially AI adoption. When systems are too old to be patched, they become easy targets for cyberthreats and prevent the adoption of transformative AI technology and tools.

Public sector IT leaders have been discussing tech debt for years, but the unveiling of advanced frontier AI models fundamentally increased the risk of not addressing outdated infrastructure. While these advanced AI-powered cyber capabilities are now available to defenders, it’s a matter of time before they’re available to adversaries.

Cisco’s participation in Project Glasswing reinforces our long-held conviction that cybersecurity is a team sport. We must work together urgently and transparently to tip the scale in favor of defenders, and prioritizing IT modernization is a foundational step.

By shifting away from a reactive approach, agencies can treat IT modernization as a strategic investment in their reputation and organizational mission. A proactive approach to IT modernization will help the public sector keep pace with an agentic AI era.

READ MORE: Here are some agentic AI use cases for government agencies.

STATETECH: Many agencies are running on aging infrastructure that can’t be patched or easily integrated with modern platforms. How do they move forward while addressing risk?

STEELE: Moving forward means shifting from reactive, stop-gap maintenance to a proactive strategy that replaces outdated or end-of-life equipment on an ongoing basis, before it becomes a liability.

This ensures that every dollar spent is building a secure, modern foundation rather than just propping up aging or failing gear.

Successful state and local government IT teams focus on modernizing their foundational systems to build the resilient, agile infrastructure needed to securely deliver public services in the AI era.

STATETECH: As governments look to adopt AI and advanced analytics, how does unresolved technical debt limit their ability to move forward? What needs to happen first?

STEELE: Unresolved technical debt acts like an anchor, slowing down and preventing agencies from fully leveraging the power of AI and other technologies. We’ve seen government agencies struggle to adopt and deploy AI because they rely on aging or near end-of-life IT equipment. Outdated systems simply cannot support modern networking and data demands.

The first step is to take inventory of what needs to be updated or consolidated. Governments can’t manage what they can’t see. Once an inventory is developed, IT teams can then take a risk-based approach to develop a plan, replacing systems that present the greatest cyber-risk and need immediate replacement.

Where immediate upgrade is impractical, IT teams can still develop a mitigation strategy to address the cyber-risks their technical debt exposes.

More broadly, organizations benefit from an ongoing process and strategy to identify, assess and plan for end-of-life and end-of-support technology. By coordinating with other government agencies and industry partners, IT teams can leverage external expertise through better interagency coordination and information sharing.

LEARN MORE: Regional collaboration supports information-sharing efforts.

STATETECH: For agencies that don’t have the resources for a full modernization effort, what are the most practical first steps they can take to reduce technical debt?

STEELE: When resources are tight, focus on updating your most critical, end-of-life systems that pose the greatest security risks.

By identifying these high-impact areas, agencies can build a phased, long-term plan that replaces outdated hardware. This approach is proactive and manageable, helping to control costs while steadily building a secure foundation for the future.

It’s all about making strategic investments today to stop the compounding cyber-risk of tech debt and to set the stage for an AI-driven future.

STATETECH: When governments successfully address technical debt, do they also improve security and their ability to deliver citizen services? Can you give us insights into that transformation?

STEELE: Tackling outdated technology is about more than just IT updates; it’s also about making government services run more efficiently and keeping constituent data secure.

By upgrading older systems for modern ones, government agencies can stop spending all their time just trying to keep things running and start using more sophisticated tools to serve their communities reliably and securely.

Instead of a constant cycle of fixing what’s broken, it’s time to focus on building a system that can defend against today’s threat actors and support AI workloads.