Federal Leaders Confront the Next Wave of AI Security Risks

The federal sector’s rapid AI adoption is outpacing existing security controls, creating a blind spot known as "shadow AI" where developers deploy tools without oversight. This gap fuels risks such as data poisoning, exfiltration, and prompt injection, underscored by Zscaler’s ThreatLabz findings that a majority of AI‑generated code bypasses review. Embedding developers in governance discussions and adopting model‑specific bills of materials (MBOMs) can illuminate hidden usage and align procurement with security standards, extending the proven SBOM framework to machine‑learning assets.

Recent red‑team exercises reveal the urgency of continuous model evaluation: 90% of tested AI systems fell to compromise in under an hour, and ransomware blocks surged 146% year‑over‑year to 10.8 million incidents. Organizations are urged to institutionalize AI red‑teaming, integrating it into policy compliance and lifecycle management. By establishing rigorous testing rubrics and threat‑modeling practices, agencies can proactively identify exploitable weaknesses before adversaries exploit them, reducing breach windows and preserving mission‑critical data.

Looking ahead, AI is poised to automate routine government functions—from license renewals to passport processing—delivering speed gains that could shrink weeks of work into hours by 2027. However, technology alone won’t deliver value without a skilled workforce. Targeted AI literacy programs and cross‑functional governance structures will be essential to harness these efficiencies responsibly. Agencies that combine robust MBOM oversight, systematic red‑teaming, and continuous education will not only mitigate risk but also unlock the transformative potential of AI for public services.