ICYMI: AI, Cybersecurity Leaders Stress the Need for US Leadership in Developing, Deploying Frontier AI Models

WASHINGTON, D.C. -- This week, the Subcommittee on Cybersecurity and Infrastructure Protection convened a hearing to examine how artificial intelligence (AI) is transforming the cybersecurity landscape and reshaping the resilience of America's critical infrastructure, as well as policy solutions to secure our networks, strengthen America's domestic technology base, and ensure the United States maintains its leadership in emerging technologies.

Witness testimony was provided by Sandra Joyce, Vice President of Google Threat Intelligence; Dr. Chris Meserole, Executive Director for the Frontier Model Forum; Jack Cable, Chief Executive Officer and Co-Founder of Corridor Security Inc.; and Dr. Matthew Guariglia, Senior Policy Analyst at the Electronic Frontier Foundation.

Witnesses highlighted the transformative potential of frontier AI models, agentic AI systems, and AI-powered coding tools in strengthening U.S. cyber defenses but cautioned that AI has also lowered barriers for malicious actors to conduct increasingly sophisticated cyberattacks. Witnesses also raised concerns about efforts by adversaries, such as the People's Republic of China (PRC), actively working to acquire and replicate American AI capabilities. Witnesses emphasized the need to securely develop and deploy American AI to ensure the U.S. can stay ahead of emerging cyber risks. To maximize the effectiveness of AI-enabled cyber defenses, witnesses underscored the need to improve basic cyber hygiene at the local and state levels.

In April, House Committee on Homeland Security Chairman Andrew R. Garbarino (R-NY) and House Select Committee on China Chairman John Moolenaar (R-MI) launched a joint investigation into the national security and cybersecurity risks posed by the adoption of PRC-developed artificial intelligence models.

In his opening statement, Subcommittee on Cybersecurity and Infrastructure Protection Chairman Andy Ogles (R-TN) highlighted the critical role of the Cybersecurity and Infrastructure Security Agency (CISA) in assessing how emerging technologies can strengthen the security and resilience of our critical infrastructure:

"CISA has a statutory authority under the Cybersecurity Information Sharing Act of 2015, operates the known Exploited Vulnerabilities Catalog, and serves as the lead civilian agency for critical infrastructure cybersecurity. How CISA fulfills its role under this order, especially in translating early model access into practical guidance and vulnerability remediation for critical infrastructure operators, will be a central oversight question for this subcommittee in the months ahead. To understand why that matters, consider that these models can now do until recently finding a serious unknown flaw is widely used software took skilled researchers months of painstaking work. Frontier AI models are collapsing that timeline."

"We now have models that can discover and exploit previously unknown vulnerabilities on their own at machine speed across the systems that run nearly everything in our economy… In the right hands, this is a powerful defensive advantage. In the wrong hands, it is a weapon. Imagine a Chinese state cyber actor, the kind already burrowing into our power grid and our water systems, armed with a model that finds and exploits unknown flaws faster than any human team alive. The danger does not stop at cyberattacks."

Subcommittee Chairman Ogles asked how to ensure state and local governments don't fall behind in cybersecurity as AI-powered security tools become increasingly sophisticated and more prevalent:

Ms. Joyce: "When we look at critical infrastructure and those individuals who are on the frontlines of providing services [day to day], water, electricity, we think it's really important that we are able to support them with the cybersecurity that they need. One of the ways that we think that can happen is through cybersecurity grants that are going to be able to provide the know-how and the funding. No frontline defender in critical infrastructure should be left to their own devices to go toe to toe with nation states and cyber criminals. So, we look forward to being a good partner in this, and we look forward to being supportive of American leadership in this space."

Mr. Cable: "If we look at the state and local governments, critical infrastructure owners and operators out there today, as you mentioned, there are many basic vulnerabilities that are on their networks that are open to exploitation from our adversaries… Ultimately, what many of these issues come down to is vulnerabilities in underlying software products in use by these entities, and my response to that is that these entities who produce these products in line with secure by design ought to be doing more to deploy frontier models in order to shore up the security of their products… I believe Congress has a role there as well, and this also underscores the passage of the PILLAR Act, in order to give necessary resources to state and local governments."

Rep. Vince Fong (R-CA) asked how private companies are working alongside the government to secure AI systems and mitigate risks, to which Ms. Joyce testified:

"We have already seen Russia, China, Iran, and North Korea, in some cases, trying to or succeeding in embedding themselves in our critical infrastructure. So, we know that this threat is happening. As we sit here today, we are looking at how these threat actors are embedding themselves. Groups from China, called Volt Typhoon, for example, have already demonstrated capability and intent in this space… When we find and get in - gain insights that we think will be helpful for defenders, particularly the ones who are in critical infrastructure, we publish those. We attempt to be very transparent about it, and so, as I said, you can look at our AI threat tracker that we have been publishing every quarter. We have years of AI threat reporting that we have done publicly to ensure that we're putting these insights out to those who need to use them."

Subcommittee Chairman Ogles asked about threats posed by AI tools developed by the PRC expanding into global markets, to which Dr. Meserole and Mr. Cable testified:

Dr. Meserole: "There's a lot more that I think needs to be done to be able to counter the use of adversarial distillation so that the capabilities of those models, if we're worried about them and the capabilities, we need to protect the integrity of the models we have and the capabilities we have by trying to prevent the distillation of American models by foreign linked actors in the first place, and I would encourage robust discussion on that front."

Mr. Cable: "The reason that companies today are using these models from China is because these models offer the best performance. Like I mentioned in my opening statement, there are no frontier open weight models from the United States, and there are use cases where as a company building AI systems, you want to be able to, for instance, fine-tune models to work best on your use case. I would argue that the best answer here is to foster an ecosystem of open weight models coming from the United States that have safeguards in place that can then become the norm by which others, whether within or outside the U.S., can build their technology, and that is where I think that we can counteract some of these other models by having a competitive ecosystem here."

Rep. Fong asked how the U.S. can avoid dependency on PRC-developed AI, to which Ms. Joyce and Dr. Meserole testified:

Ms. Joyce: "I don't think there's a prize for second place in the AI race, nor is there one in the quantum race. And AI, you know, American leadership in this space is truly critical… We understand that they are pre-positioned in our critical infrastructure, and the government has confirmed that there are no reconnaissance purposes for… The reason they're embedded in critical infrastructure is for a potential kinetic action in the future should they choose. So, I think that the leverage that would be gained by having this fundamental technology not be led by American innovation and democratic societies would truly be something that we simply cannot tolerate."

Dr. Meserole: "It used to be kind of let's say, a 12 to 18 month gap, in terms of when models would be released from the U.S. and the capabilities they had, and when you would see similar capabilities emerge elsewhere. You know, that trendline, I think, has collapsed down, you know, to four to you know, six months, something like that. In tandem with that collapse of timeline, we've also seen the emergence and articulation of a really robust ecosystem that has enabled the distillation of U.S. models. I don't think that those two facts are unrelated."

Subcommittee Chairman Ogles asked about malicious actors bypassing built-in safety guardrails in American AI through a method known as "jailbreaking," to which Ms. Joyce testified:

"Well, what we have observed in the underground, or what some people call the dark web, is that a whole marketplace of advertising for so-called jail breaks, you know, bots of different kinds. Something as low as $99 a month, you can go and get that… We're also seeing a lot more advancement with cybercriminals. They're doing things that, you know, [create] zero days. They're taking advantage of supply chain risks, cryptocurrency, so we're seeing a real vast marketplace of criminal enterprises, both with scams and with other elements."

###