Government leaders are calling for stronger protections against AI-driven cyber threats to defense systems. The 2026 National Defense Authorization Act (NDAA) addresses these risks by setting requirements for the design, security, and governance of AI and machine-learning (AI/ML) systems across the Department of War (DoW), while safeguarding them from foreign adversaries like China. In parallel, the DoW is accelerating AI adoption across its agencies. As these efforts advance, agencies should take seven actions to manage AI risk and security effectively.
- Shift to probabilistic risk assessment models
Probabilistic models establish a baseline for normal system behavior. Any significant deviation from this baseline is flagged as an anomaly with a calculated probability, making it harder for AI-driven attacks to blend in with legitimate traffic.
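A minimal version of the baseline-and-deviation idea, added here as an illustration (this is not code from the article or from Rubrik). Hourly login counts for an account are modeled as a Poisson process whose rate is fitted on a quiet baseline period; each new hour is then scored by the probability of a count at least as extreme as the one observed, so a burst and a sudden silence are both flagged. The log format, account names, baseline counts and threshold are all constructed for the example.

```python
"""Probabilistic baseline anomaly scoring (added example, not from the article).

Hourly counts of one event type per account are modeled as Poisson with the
rate fitted on a quiet baseline period. All log lines, account names and
baseline numbers below are constructed for illustration.
"""
import math
import re
from collections import Counter
from typing import Iterable

# Constructed baseline: successful logins per hour for each account during a
# quiet reference period.
_QUIET_HOURS = [10, 12, 11, 13, 9, 12, 14, 10, 11, 12]
BASELINE_HOURLY_COUNTS = {"svc_backup": _QUIET_HOURS, "analyst01": _QUIET_HOURS}

# Constructed log format: "<ISO timestamp> event=login user=<name> result=<success|failure>"
LOG_LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) event=login user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def fit_rate(counts: Iterable[int]) -> float:
    """Maximum-likelihood Poisson rate: the mean hourly count of the baseline."""
    counts = list(counts)
    if not counts:
        raise ValueError("baseline needs at least one hourly count")
    # Floor the rate so an account silent in the baseline gets a strict model, not log(0).
    return max(sum(counts) / len(counts), 1e-6)


def poisson_pmf(k: int, lam: float) -> float:
    """P(X = k) for X ~ Poisson(lam), computed in log space to avoid overflow."""
    if k < 0:
        return 0.0
    return math.exp(k * math.log(lam) - lam - math.lgamma(k + 1))


def poisson_lower_tail(k: int, lam: float) -> float:
    """P(X <= k)."""
    return sum(poisson_pmf(j, lam) for j in range(k + 1))


def poisson_upper_tail(k: int, lam: float) -> float:
    """P(X >= k), summed directly so tiny values are not lost to 1 - cdf round-off."""
    total, j = 0.0, k
    while True:
        term = poisson_pmf(j, lam)
        total += term
        j += 1
        # Past the mean the terms shrink geometrically; stop once they no longer matter.
        if j > lam and term <= total * 1e-15:
            return total


def tail_probability(k: int, lam: float) -> float:
    """Probability of a count at least as extreme as k in the observed direction.

    Bursts (k above the rate) use the upper tail; drops use the lower tail, so
    telemetry going quiet is scored as suspicious, not as "no events, no problem".
    """
    return poisson_upper_tail(k, lam) if k >= lam else poisson_lower_tail(k, lam)


def count_logins(lines: Iterable[str]) -> Counter:
    """Count successful logins per (hour bucket, user); unparseable lines are skipped."""
    counts: Counter = Counter()
    for line in lines:
        m = LOG_LINE_RE.match(line)
        if m and m.group("result") == "success":
            counts[(m.group("ts")[:13], m.group("user"))] += 1  # key: "YYYY-MM-DDTHH", user
    return counts


def score_window(lines: Iterable[str], baseline: dict, threshold: float = 1e-3) -> list:
    """Score every (hour, user) in the window against its fitted baseline rate.

    A finding is anomalous when its tail probability is below `threshold`
    (default: a count this extreme is expected less than once in 1000 hours).
    """
    rates = {user: fit_rate(c) for user, c in baseline.items()}
    findings = []
    for (hour, user), observed in sorted(count_logins(lines).items()):
        if user not in rates:
            continue  # no baseline yet; a real system would queue the entity for learning
        p = tail_probability(observed, rates[user])
        findings.append({"hour": hour, "user": user, "count": observed,
                         "expected": rates[user], "probability": p, "anomalous": p < threshold})
    return findings


def constructed_log_lines() -> list:
    """Constructed one-hour window: a 40-login burst for svc_backup, normal activity for analyst01."""
    lines = [f"2026-03-01T14:{i:02d}:00Z event=login user=svc_backup result=success" for i in range(40)]
    lines += [f"2026-03-01T14:{i * 5:02d}:00Z event=login user=analyst01 result=success" for i in range(12)]
    lines.append("2026-03-01T14:07:00Z event=login user=analyst01 result=failure")  # not counted
    lines.append("2026-03-01T14:09:00Z event=login user=visitor result=success")  # no baseline
    return lines


if __name__ == "__main__":
    for f in score_window(constructed_log_lines(), BASELINE_HOURLY_COUNTS):
        flag = "ANOMALY" if f["anomalous"] else "ok"
        print(f"{f['hour']} {f['user']:<11} count={f['count']:>3} "
              f"expected={f['expected']:.1f} p={f['probability']:.2e} {flag}")
```

The threshold is the operational knob: it is the expected false-alarm rate per entity-hour, so it can be set from the analyst capacity available rather than tuned by feel. Real deployments would fit a separate rate per (entity, hour-of-day) to absorb daily cycles, and re-fit the baseline only from windows that were not themselves flagged.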
- Implement “secure-by-design” principles
The DoW is changing how it builds AI systems by making security a priority from the start. A “secure-by-design” approach means protection is built into every stage of development; bolting security on after software is built has proven more costly and less effective. Defense agencies should therefore focus on AI-resilient safeguards for data, such as encryption, segregation of sensitive information, and zero-trust security models that assume no system or user is trusted by default.
Agencies should also prepare for threats that are unique to AI, such as attacks designed to trick or manipulate ML systems. They should upgrade the large, connected network of DoW IT systems, data platforms, software, and services to ensure capabilities are secure as AI usage expands.
- Deploy Zero Trust
DoW networks are global and extend to the battlefield, and that large attack surface makes perimeter defenses ineffective. Zero-trust security becomes essential because it assumes attackers are already inside DoW networks and focuses on protecting mission-critical data. The goal is therefore not just to block intrusions, but to stop attackers from changing, destroying, or cutting off access to the data that operations and AI depend on.
Zero-trust architecture also safeguards DoW data against AI-driven nation-state cyberespionage by enforcing least privilege access, segmenting networks, and verifying users and devices. To that end, zero trust must be applied to data backups in the hostile cyber domain. Implementing this approach blocks autonomous agents’ lateral movement and limits damage, even if an entry point is compromised.
- Implement agentic AI red-teaming
The DoW should expand beyond traditional red-teaming by using autonomous AI agents to perform continuous, intelligent attack simulations while automating defense adjustments, as a blue team would. By operating autonomously, this purple-teaming approach identifies and remediates risks in real time without constant human involvement, matching the pace of modern cyber threats. Exercises should also rehearse the cyber-recovery steps to be taken after an attack.
- Strengthen backup and recovery isolation
An effective data backup strategy combines technical controls, such as logical air gaps and immutability, with procedural controls, such as offline rotation, strict access management, and regular restore testing. Together, these reduce the attack surface exposed to advanced, AI-enabled threats.
Immutable backup capabilities prevent data from being altered or deleted, ensuring that even if a foreign adversary accesses the backup system, the data cannot be encrypted, modified, or destroyed. For AI systems, such backups must preserve historical training and test data, providing the most reliable foundation for retraining and recovery from data-poisoning attacks.
- Establish AI sandbox environments
The NDAA calls for establishing cyber-innovation sandbox environments for secure AI testing and training, where risks can be identified and mitigated in isolated, controlled settings. Defense agencies should define the purpose of each sandbox, such as developing new models, testing existing ones, or validating compliance, so that security teams can confirm every use case aligns with DoW missions.
Trust in how data and AI models are built, along with confidence in recovery processes, is essential when an AI system makes an incorrect decision. Thoroughly testing system limits and validating performance across scenarios in a controlled environment helps build this trust. Ultimately, relying on AI models and data for mission-critical decisions depends on people’s confidence that the system will act appropriately, raising questions such as whether the AI has undergone rigorous validation and whether a human remains in the loop to ensure trustworthy behavior.
- Build proactive threat hunting capabilities
DoW security teams should adopt autonomous and deceptive defense capabilities, such as AI-powered decoys and synthetic assets, to lure adversaries away while gathering intelligence on their tactics. Teams can do this by combining analytics, ML, and data collection to detect, learn from, and respond to AI-driven threats. The DoW should also invest in its AI computing resources and talent, using operational data to train models and embed advanced AI into workforce tools for analysis and decision-making.
The next phase of AI-driven cyber conflict
Prevention alone is no longer sufficient in cyber warfare. Ransomware, data-poisoning, and wiper attacks can deny access to critical data and disrupt defense missions. As a result, recovery is now the key measure of national strength. The DoW must rapidly restore systems and clean data to sustain operations when AI-enabled attacks succeed.
The views expressed in this article are those of the author and do not necessarily reflect the official policy or position of Rubrik. These views are for informational purposes only and do not constitute business or legal advice. Organizations should consult with legal and compliance professionals to ensure their cybersecurity strategies meet all applicable federal, state, and international requirements.
Travis Rosiek currently serves as public sector chief technology officer (CTO) at Rubrik, helping government agencies become more cyber and data resilient. Rosiek is an accomplished cybersecurity executive with more than 20 years in the industry. His experience spans driving innovation as a cybersecurity leader for global organizations and CISOs to corporate executives building products and services. He has built and grown cybersecurity companies and led large cybersecurity programs within the Department of Defense (DoD). As a cyber leader at the DoD, he was awarded the Annual Individual Award for Defending the DoD’s Networks.
Prior to Rubrik, Travis held several leadership roles, including chief technology and strategy officer at BluVector, CTO at Tychon, federal CTO at FireEye, a principal at Intel Security/McAfee, and leader at the Defense Information Systems Agency (DISA). He has served on the National Security Telecommunications Advisory Committee (NSTAC) as an ICIT fellow and on multiple advisory boards.