GAO Official Warns AI Expands Risk Surface, Calls for Built-In Security – MeriTalk


A Government Accountability Office (GAO) cybersecurity official said agencies must build security into artificial intelligence (AI) from the outset as the technology expands federal attack surfaces.

Speaking during a webinar hosted by gist360 on Wednesday, Jennifer Franks, GAO’s director of information technology and cybersecurity, said AI systems introduce new risks across data, models, and downstream actions – requiring agencies to rethink how they manage security and risk.

Franks said agencies must account for how AI expands both risk and attack surfaces:

“When you’re thinking about building security into AI from day one, it really means treating the entire model along with the data, understanding the prompts – how things are configured, your interfaces, and then the downstream actions that you will need to integrate into your risk surface – because AI now expands your risk surface, it expands your attack surface,” Franks said.

Franks said agencies must formalize governance around AI use – defining processes, approving use cases, assessing risk tolerance levels, and establishing boundaries for sensitive data. Franks also stressed the importance of human oversight, security controls, continuous monitoring, and audit logging to detect and respond to unexpected AI behavior.

Franks pointed to zero trust architectures as a baseline for securing AI systems. “It’s just the core of going beyond implicit trust … we have to [verify identities] at every single interval and at the machine speed that the AI is providing us,” Franks said.

She also warned that AI agents should be treated as non-human identities within zero trust environments, with tightly scoped, time-bound access and monitoring for anomalous behavior.

“We have to be forward projecting as to what it is we’re going to do with our assets and considering the key priorities,” Franks said, further emphasizing that federal agencies must “consider the full life cycle of your IT and your cyber spans, which now do need to include innovation [in] emerging tech,” from AI to even quantum computing.


