The challenges with AI and previous generations of software not built securely by design place the burden of cybersecurity on the customer. Although AI software systems might differ from traditional forms of software, fundamental security practices still apply.

The 2023–2024 CISA Roadmap for Artificial Intelligence roadmap incorporates key CISA-led actions as directed by Executive Order 14110, along with additional measures CISA is leading to promote AI security and support critical infrastructure owners and operators as they navigate the adoption of AI.

GOAL 1 | CYBER DEFENSE. AI tools can help defend cyberspace against traditional threats and emerging AI-driven threats. However, AI-based software systems are also software systems that require securing and necessitate cyber defense for AI.

GOAL 2 | RISK REDUCTION AND RESILIENCE. Critical infrastructure organizations increasingly use AI systems to maintain and improve resilience CISA will guide and support responsible and risk-aware adoption of AI-based software systems that are secure by design.

GOAL 3 | OPERATIONAL COLLABORATION. As AI contributes to a rapidly changing threat landscape, CISA will communicate threat and risk information to the U S public, including critical infrastructure sectors. Furthermore, AI companies and AI use cases may be subject to targeted threats and may require specific services and protections in response.

GOAL 4 | AGENCY UNIFICATION. CISA will responsibly integrate AI software systems across the agency and recruit and develop a workforce capable of optimally harnessing AI software systems to carry out CISA’s mission.