The 2024 Salt Typhoon breach didn’t just hit AT&T and Verizon. It sat inside U.S. telecom infrastructure for months — quietly. No alarm went off. No AI system flagged it in time. And that’s the uncomfortable truth about where we actually are with AI and national security heading into 2026.
Everyone’s talking about AI as the solution. But the same AI that defends networks is being used to attack them. And right now, the attackers are moving faster.
Why 2026 Is the Year AI Cybersecurity for National Security Actually Gets Tested
For years, the conversation was theoretical. Nation-state actors could use AI to automate attacks. AI might change the threat landscape. Well, that future arrived.
Here’s what’s actually different in 2026 compared to even 18 months ago:
Offensive AI tools are cheap and accessible. You no longer need a state-sponsored team of 200 engineers to run a sophisticated cyberattack. Open-weight models — the kind you can run locally, with setups similar to what Cursor AI users already use — can now be fine-tuned specifically for vulnerability discovery, phishing generation, and evasion techniques. Nation-states figured this out two years before most defenders did.
Attack surface expansion happened faster than anyone projected. The U.S. alone added millions of IoT endpoints to critical infrastructure between 2022 and 2025. Power grids, water treatment facilities, hospital networks — all increasingly networked, all increasingly exposed. Every connected node is a potential entry point, and AI-powered scanners can probe millions of them simultaneously.
Defenders are still working in silos. The NSA, CISA, FBI, and DHS all have cybersecurity mandates. They share threat intelligence, but slowly. Meanwhile, the adversary — whether that’s a Chinese APT group, Russian GRU unit, or Iranian MOIS operation — doesn’t have bureaucratic latency problems.
The truth? The gap between offensive AI capability and defensive AI deployment is widening, not closing. And that’s the core national security problem for 2026.
The Three Ways Nation-States Are Using AI Against U.S. Infrastructure Right Now
I’ve spent time going through CISA advisories, MITRE ATT&CK updates, and declassified NSA reports from the last 18 months. What’s happening isn’t science fiction. It’s operational.
1. AI-Powered Reconnaissance at Scale
Traditional reconnaissance — mapping a target’s network before an attack — used to take weeks. Human operators, manual probing, slow enumeration. AI changed that completely.
Tools built on top of open-source models can now perform what the intelligence community calls “automated discovery chains.” They scan, identify, categorize, and prioritize vulnerabilities across thousands of targets simultaneously. What took a red team three weeks now takes hours.
Volt Typhoon, the Chinese state-sponsored group that CISA publicly named in 2023 and has remained active since, was documented using this type of layered reconnaissance against U.S. power and water utilities. The goal wasn’t immediate disruption. It was pre-positioning — getting inside, staying quiet, and waiting.
That’s the part that should concern you most. These groups aren’t trying to blow things up. They’re planting flags for a future conflict scenario. And AI makes the flag-planting exponentially faster.
2. Spear-Phishing That Actually Works
Most phishing attacks are obvious if you know what to look for. Bad grammar, weird sender domains, generic messaging. AI-generated spear-phishing in 2026 doesn’t have those tells.
Large language models — even smaller, locally-run ones — can scrape a target’s LinkedIn profile, public emails, press releases, and social media, then generate a hyper-personalized email that references their actual colleagues, recent projects, and specific internal terminology. The cognitive overhead required to spot it is enormous.
CISA reported a 340% increase in AI-generated phishing attempts targeting federal contractors between Q1 2024 and Q3 2025. The click-through rate on these attacks is significantly higher than traditional phishing — some internal estimates put it at 3-4x more effective.
The defense requires a different mindset. It’s not about training people to spot bad emails anymore. It’s about assuming the email looks real and building technical controls that don’t rely on human judgment at the point of attack.
3. Autonomous Malware With Adaptive Behavior
This one’s newer and genuinely unsettling. Traditional malware follows a script. It does what it’s programmed to do. If a defender patches one vector, the malware fails.
AI-augmented malware — what some researchers at DARPA are calling “cognitive malware” — can observe its environment, identify that its initial approach is failing, and adapt its attack path in real time. It doesn’t need a human operator to adjust the strategy.
The BlackMamba proof-of-concept from 2023 showed this was technically feasible. By 2025, operational variants started appearing in incident response reports from Mandiant and CrowdStrike. They’re not everywhere yet, but they’re real, and the trajectory is obvious.
What the U.S. Government Is Actually Doing (And Where It’s Falling Short)
The Biden administration’s 2023 National Cybersecurity Strategy set the framework. The CHIPS Act, Executive Order 14028, the NSA’s AI Security Center — these are real efforts. The current administration in 2026 has largely continued and expanded them, particularly around critical infrastructure protection.
Here’s an honest assessment of what’s working and what isn’t:
What’s working:
CISA’s Cybersecurity Advisory program is genuinely useful. The joint advisories with Five Eyes partners (UK’s NCSC, Australia’s ASD, Canada’s CSE) surface real threat intelligence faster than they used to. The Shields Up initiative gave private sector operators a clearer framework for defensive posture.
NIST’s AI Risk Management Framework (AI RMF), published in 2023 and updated since, gives federal agencies a structured way to evaluate AI systems they deploy — including cybersecurity tools. That matters because AI-powered defense tools have their own failure modes.
The NSA’s AI Security Center, stood up in late 2023, has been running red team exercises against AI-integrated defense systems. Finding out your AI-powered intrusion detection can be fooled before an adversary does it is worth the investment.
What’s falling short:
Procurement speed. The federal government is still slow at acquiring and deploying new cybersecurity technology. A private sector company can adopt a new AI-based threat detection platform in 90 days. A federal agency might take 18 months to get through approval processes. Adversaries don’t wait.
Public-private information sharing. The mechanisms exist — ISACs (Information Sharing and Analysis Centers), CISA’s automated sharing programs — but the latency is still too high and the classification barriers prevent sharing the most actionable intelligence with private sector defenders in real time.
State and local government exposure. Federal networks get most of the attention and funding. But state governments, municipal water systems, local hospital networks — these are often running on outdated infrastructure with minimal cybersecurity staff. They’re easier targets with significant consequences.
The AI Defense Tools That Are Actually Deployed (Not Just Marketed)
There’s a lot of noise in this space. Every cybersecurity vendor has slapped “AI-powered” on their product. Most of it is marketing for slightly improved rule-based systems. Here’s what’s actually doing meaningful work in 2026:
Darktrace’s Autonomous Response (RESPOND). Darktrace uses unsupervised machine learning to model what normal network behavior looks like for a specific organization — not generic baselines, but organization-specific behavioral patterns. When something deviates, it responds autonomously: isolating devices, blocking connections, slowing lateral movement. The honest caveat is it generates false positives, especially in complex environments. Teams need to tune it over months before it performs well.
Microsoft Security Copilot. Integrated across Microsoft Defender, Sentinel, and Entra, Security Copilot gives analysts natural language access to threat investigation workflows. The real value isn’t the AI itself — it’s reducing the time a junior analyst spends on triage before escalating. In practice, it cuts incident investigation time for tier-1 analysts significantly, but it doesn’t replace experienced threat hunters.
CrowdStrike Falcon with Charlotte AI. Charlotte AI, CrowdStrike’s generative AI layer, helps analysts query their threat intelligence platform conversationally. Ask it “what do we know about Midnight Blizzard TTPs affecting Azure environments” and it pulls relevant intelligence and maps it to your specific environment. Useful for speed, not for discovering things the underlying intelligence database doesn’t already contain.
Palantir AIP for Government. This is the one getting serious adoption inside the DOD and intelligence community. Palantir’s AIP connects classified and unclassified data sources and lets analysts build AI-assisted workflows without training foundational models themselves. The classified variant, running on government cloud infrastructure, is being used for threat fusion across multiple agencies. It’s not available to the general public and the details are sparse, but it’s the platform that’s quietly doing heavy lifting.
What none of these tools solve on their own: the human analyst shortage. There are approximately 3.4 million unfilled cybersecurity positions globally as of 2025, according to ISC2. AI tools help the analysts who exist work faster. They don’t replace the need for more analysts.
The Adversaries: Who’s Actually Doing What
Let’s name names, because this is where a lot of coverage gets vague.
China (PRC-affiliated APT groups). The most sophisticated and persistent threat to U.S. national security. Groups like APT40, APT41, and Volt Typhoon are specifically targeting critical infrastructure — not for immediate disruption but for pre-positioning. The goal is having access already established if a Taiwan conflict scenario develops. They’re patient, well-resourced, and increasingly using AI for both reconnaissance and evasion.
Russia (GRU, SVR, FSB-affiliated groups). Sandworm (GRU) remains the group most willing to actually execute destructive attacks — they’re behind the 2015 and 2016 Ukraine power grid attacks, NotPetya, and multiple election interference operations. APT29 (SVR, also known as Cozy Bear) focuses on espionage and long-term access. Russian groups have integrated AI tools more for disinformation and influence operations than pure cyber intrusion, though that’s changing.
Iran (MOIS and IRGC-affiliated groups). Groups like APT33 and APT34 have been increasingly active against U.S. financial institutions and energy sector targets. They’re less sophisticated than Chinese or Russian state actors but more willing to cause visible disruption. The 2023-2024 attacks on water utilities in Pennsylvania and Texas were attributed to Iranian-affiliated actors.
North Korea (Lazarus Group and affiliates). Financially motivated as much as politically. North Korea uses cyber operations to generate revenue — cryptocurrency theft, ransomware, intellectual property theft — to fund sanctions-evading programs. They’re behind billions in cryptocurrency theft, including the $625 million Ronin Network hack in 2022.
Each adversary has different objectives, different risk tolerance, and different tactics. The mistake most organizations make is treating “nation-state threat” as one monolithic category. They’re not.
What Critical Infrastructure Operators Need to Do Differently in 2026
If you’re running security for a utility, hospital network, financial institution, or any organization that falls under CISA’s 16 critical infrastructure sectors, here’s what actually changes your risk profile:
Assume breach, design for resilience. The perimeter defense model is dead. Any sophisticated adversary that wants to get in will eventually find a way. The question is what they can do once they’re inside. Segment your networks so lateral movement is hard. Know what your crown jewels are and put extra controls around them specifically.
Invest in detection and response, not just prevention. Mean time to detect (MTTD) is the metric that matters most for nation-state intrusions. Salt Typhoon sat in telecom networks for months. The goal isn’t to prevent every intrusion — it’s to find intrusions fast and limit what attackers can do with the time they have.
Run tabletop exercises with AI-specific scenarios. Most incident response playbooks were written for traditional malware or ransomware. What’s your playbook for adaptive malware that changes behavior when it detects it’s being analyzed? For an AI-generated spear-phishing campaign that successfully compromises a privileged account? These scenarios need to be exercised before they happen.
Third-party and supply chain risk is the attack vector. SolarWinds taught everyone this lesson. The lesson apparently needs repeating. Your security posture is only as good as your least-secure vendor. Map your critical dependencies, assess their security posture, and have contingency plans in case a key vendor is compromised.
For organizations looking at private AI tools with different security profiles, understanding how uncensored AI image generation and private setups work locally gives you a mental model for how locally-run AI reduces certain exposure vectors — relevant when thinking about what data you’re sending to cloud-based AI tools.
The Policy Gaps That Scare Security Professionals
Honestly, this is where I get frustrated — and a lot of people working in this space share that frustration.
No mandatory cyber incident reporting for most critical infrastructure. The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) was signed in 2022 but the implementing rules are still being finalized. Until reporting is mandatory and fast, CISA can’t see the full threat picture.
AI governance for AI-powered weapons and cyber tools is nascent. The U.S. Political Declaration on Responsible Military Use of AI and Autonomy is a start, but it’s non-binding. Adversaries aren’t bound by it at all. The norms around autonomous cyber operations are still deeply contested.
Quantum computing is the next horizon problem most organizations are ignoring. Current encryption standards — RSA, ECC — are vulnerable to a sufficiently powerful quantum computer. NIST finalized its first post-quantum cryptography standards in 2024. Most organizations haven’t started migrating. When a cryptographically relevant quantum computer arrives (estimates range from 5 to 15 years), anything encrypted with current standards could be decrypted retroactively. Nation-states are already harvesting encrypted data now for future decryption. This is called “harvest now, decrypt later” and it’s real.
The Human Factor Nobody Talks About Enough
AI tools are only as good as the humans deploying and operating them. And right now, the cybersecurity workforce pipeline isn’t keeping up.
The U.S. has a shortage of roughly 500,000 cybersecurity professionals domestically. Federal agencies compete with private sector salaries they often can’t match. The people who understand both AI systems and traditional security operations — threat hunters who can reason about AI behavior and failure modes — are genuinely rare.
Training programs exist. CISA’s free cybersecurity training, SANS Institute courses, CompTIA certifications — these help. But building someone who can perform AI-assisted threat hunting in a high-stakes government network takes years of experience, not months of coursework.
What this means practically: AI tools in national security cybersecurity aren’t replacing humans. They’re a force multiplier for the humans who exist. Getting more value from fewer analysts is the realistic near-term goal. Autonomous AI defense — systems that detect, respond, and remediate without human oversight — is coming, but it brings its own risks. Automated responses can escalate situations unintentionally. An AI system that autonomously blocks what it thinks is an attack might block legitimate critical communications at exactly the wrong moment.
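The failure mode described above, an automated response cutting off something critical at the wrong moment, is usually handled by putting a gate in front of the response action. The gate below is an added example, not code from any product named in this article; the asset names, thresholds and action labels are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical policy values; tune per environment.
AUTO_CONFIDENCE = 0.90     # minimum detector confidence for unattended action
MAX_AUTO_PER_WINDOW = 3    # circuit breaker on automated isolations
WINDOW_SECONDS = 600       # sliding window for the circuit breaker
ISOLATION_TTL = 900        # automated isolation lapses unless a human extends it

# Hypothetical assets whose loss of connectivity is itself an incident.
CRITICAL_ASSETS = {"scada-hmi-01", "e911-gw-01"}


@dataclass
class ResponseGate:
    recent: list = field(default_factory=list)  # times of automated isolations

    def decide(self, asset, confidence, now):
        """Return (action, detail) for one detection; `now` is in seconds."""
        self.recent = [t for t in self.recent if now - t < WINDOW_SECONDS]
        if asset in CRITICAL_ASSETS:
            return ("page_human", "critical asset, isolation needs approval")
        if confidence < AUTO_CONFIDENCE:
            return ("alert_only", "confidence below auto-response threshold")
        if len(self.recent) >= MAX_AUTO_PER_WINDOW:
            # Many isolations in a short span is either a large incident or a
            # detector misfire; both warrant a human before cutting more links.
            return ("page_human", "circuit breaker tripped")
        self.recent.append(now)
        return ("isolate", f"expires at t={now + ISOLATION_TTL}")


def replay(detections):
    """Run constructed (time, asset, confidence) detections through one gate."""
    gate = ResponseGate()
    return [gate.decide(asset, conf, t)[0] for t, asset, conf in detections]


# Constructed detection stream.
DETECTIONS = [
    (0, "ws-114", 0.97), (10, "scada-hmi-01", 0.99), (20, "ws-115", 0.50),
    (30, "ws-116", 0.95), (40, "ws-117", 0.93), (50, "ws-118", 0.96),
    (700, "ws-119", 0.94),
]

if __name__ == "__main__":
    print(replay(DETECTIONS))
```

The sixth detection is escalated even though it clears the confidence threshold, because three unattended isolations have already happened inside the window.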
Where Grok, Claude, and Other Frontier AI Fit In
You might wonder where frontier AI models — the ones you interact with daily — fit into national security cybersecurity. The answer is more nuanced than “they’re dangerous” or “they’re tools for defenders.”
Models like Grok (which has its own limitations and free tier structure in 2026) and Claude are capable of explaining vulnerability concepts, writing code that could theoretically be used offensively, and synthesizing threat intelligence. Anthropic, OpenAI, and xAI all have use-policy restrictions and safety measures designed to prevent the most egregious misuse.
But open-weight models — Llama, Mistral, and their fine-tuned variants — have no such guardrails once they’re downloaded and run locally. Using local models is legitimate and useful for many purposes, but it also means adversaries with sufficient technical capability can fine-tune models specifically for offensive cyber operations without any platform-level restrictions.
The dual-use problem is real and there’s no clean solution. Restricting open-weight model releases would slow beneficial innovation dramatically and push development to actors with fewer ethical constraints. The current approach — responsible release with capability evaluations — is imperfect but probably the least-bad option available.
What You Should Actually Do With This Information
If you work in cybersecurity, government, critical infrastructure, or just care about this space:
Get familiar with CISA’s Known Exploited Vulnerabilities (KEV) catalog. It’s public, it’s updated regularly, and it tells you what vulnerabilities are actually being exploited in the wild — not theoretical CVEs that sound scary but never get used.
Read the MITRE ATT&CK framework for nation-state actors. Not to memorize it, but to understand the patterns. Once you see how Volt Typhoon or APT40 actually operates, the abstract threat becomes concrete.
If you’re in a leadership role at any organization touching critical infrastructure, your board needs to understand this isn’t just an IT problem. It’s a business continuity, liability, and in some cases a national security problem. The CISA resources for executives are surprisingly readable.
For anyone building AI tools that touch sensitive data — even indirectly — understanding what Venice AI and similar privacy-focused platforms are doing with local inference and data minimization is worth your time. The architectural choices you make about where data goes matter for your own security posture.
The threat is real, it’s growing, and it’s operating faster than most defenses are evolving. But it’s not hopeless. The organizations that take this seriously, invest consistently in detection and response capability, build relationships with CISA and relevant ISACs, and actually exercise their incident response plans — they’re meaningfully more resilient than the ones that treat cybersecurity as a compliance checkbox.
That’s the difference between organizations that weather the next major incident and the ones that end up in the next Congressional hearing.
Start with the KEV catalog. Today. It takes 20 minutes and tells you more about real threats than most expensive threat intelligence subscriptions.
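One way to put the KEV advice above into practice, as an added example rather than code from the original article: cross-reference open scanner findings against the catalog's JSON export and rank what is known-exploited. The catalog excerpt, placeholder CVE IDs, hosts and ranking order are constructed assumptions; the field names follow CISA's published KEV JSON.

```python
import json
from datetime import date

# Constructed sample in the shape of the KEV catalog's JSON export (only the
# fields used below). The CVE IDs are placeholders, not real catalog entries.
KEV_SAMPLE = json.loads("""
{"catalogVersion": "constructed-sample", "vulnerabilities": [
  {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor", "product": "EdgeVPN",
   "dateAdded": "2026-01-05", "dueDate": "2026-01-26",
   "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor", "product": "MailGateway",
   "dateAdded": "2026-01-10", "dueDate": "2026-01-31",
   "knownRansomwareCampaignUse": "Unknown"}]}
""")

# Constructed scanner findings: (host, CVE as reported, internet-facing?).
FINDINGS = [
    ("hr-app-03", "CVE-0000-0099", False),   # open CVE that is not in KEV
    ("mail-02", "CVE-0000-0002", False),
    ("vpn-01", "CVE-0000-0001", True),
    ("vpn-02", " cve-0000-0001", True),      # scanners differ in case/whitespace
]


def normalize(cve_id):
    return cve_id.strip().upper()


def triage(findings, catalog, today):
    """Return KEV-listed findings, most urgent first."""
    kev = {normalize(v["cveID"]): v for v in catalog["vulnerabilities"]}
    rows = []
    for host, cve, exposed in findings:
        entry = kev.get(normalize(cve))
        if entry is None:
            continue  # not known-exploited: handle in the normal patch cycle
        due = date.fromisoformat(entry["dueDate"])
        rows.append({
            "host": host,
            "cve": entry["cveID"],
            "product": entry["product"],
            "exposed": exposed,
            "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
            "days_left": (due - today).days,  # negative means overdue
        })
    # Internet-facing first, then ransomware-linked, then nearest deadline.
    rows.sort(key=lambda r: (not r["exposed"], not r["ransomware"], r["days_left"]))
    return rows


if __name__ == "__main__":
    for r in triage(FINDINGS, KEV_SAMPLE, date(2026, 1, 20)):
        print(r)
```

The `dueDate` field is the remediation deadline CISA sets for federal civilian agencies; other organizations can treat it as a reference point for their own deadlines.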

