These government leaders are charting the course for agencies’ IT modernizations, cybersecurity and AI futures in the era of government efficiency.
Learn how IT leaders are working to build a frictionless enterprise.
Mickey McCarter is managing editor of StateTech magazine.
Mickey McCarter is managing editor of StateTech magazine.
The rise of advanced artificial intelligence (AI) models capable of identifying software vulnerabilities at unprecedented speed may require a new level of coordination between government agencies, technology vendors and critical infrastructure operators, says Eric Wenger, senior director of cyber and emerging technology policy in Cisco’s Global Government Affairs organization.
“We’re accelerating the ability to look at stuff that would potentially be discovered over the next weeks, months, years, and then pulling that forward,” Wenger said in an interview with FedTech at Cisco Live 2026.
Wenger described a future in which AI dramatically compresses the timeline between vulnerability discovery and exploitation. In that environment, organizations may no longer have weeks or months to evaluate and apply security updates.
Instead, government and industry may need to work together to create new processes for prioritizing vulnerabilities, coordinating patch deployment and ensuring that defensive measures keep pace with increasingly capable AI systems, he said.
Cisco’s recently released “Shields Up” white paper outlines how organizations can prepare for AI-enabled cyberthreats and argues that existing cybersecurity best practices must be accelerated and applied at greater scale. The paper warns that advanced AI models could dramatically shorten the time between vulnerability discovery and cyberattack, placing new pressure on organizations to identify assets, prioritize patches and modernize legacy systems.
It also calls for closer coordination among technology providers, AI developers and government agencies to help defenders gain an advantage before similar capabilities become widely available to attackers.
Click the banner below to modernize your IT workplace.
Wenger says advanced frontier AI models are not necessarily discovering entirely new classes of vulnerabilities. Rather, they are finding existing flaws much faster than humans can.
That acceleration creates a challenge for both technology vendors and customers.
The result could be a surge of vulnerability disclosures and software updates arriving simultaneously from multiple vendors. Federal agencies, enterprises and critical infrastructure operators would then face difficult decisions about which vulnerabilities to address first and how quickly they could deploy patches across production environments.
Historically, organizations have relied on risk scoring systems that prioritize vulnerabilities based on severity rankings. However, Wenger said, that approach may become less effective if AI systems are able to chain together multiple lower-severity vulnerabilities to achieve critical outcomes.
Government could play an important convening role in that environment, he said.
Cisco believes there is an opportunity for federal leaders to bring together frontier AI developers, cybersecurity vendors and technology operators to establish processes for evaluating vulnerabilities, prioritizing remediation efforts and accelerating patch deployment.
“We need some greater coordination between the private sector, frontier model makers, companies that are using this to test their products and those who are going to be deploying the patches,” Wenger said.
The company also supports efforts to stage access to powerful cyber-focused AI models, giving defenders an opportunity to identify and remediate vulnerabilities before similar capabilities become widely available.
Cisco’s “Shields Up” paper echoes that theme, arguing that responsible disclosure practices and coordinated vulnerability management will become increasingly important as AI expands the scale and speed of security testing.
EXPLORE: Go from strategy to action with zero-trust networking.
While government can help organize a broader response, Wenger said, federal agencies must also address long-standing cybersecurity and technology modernization issues within their own environments.
One concern is the shrinking “mean time to exploit” — the period between when a vulnerability is publicly disclosed and when attackers begin exploiting it.
Wenger cited Cisco data that shows that timeline has fallen from approximately 63 days in 2018 to five days in 2023 and now measures less than a day in many cases. With AI-assisted vulnerability discovery continuing to improve, he suggested, that timeline could shrink further, increasing pressure on agencies to automate patching and modernize aging systems.
As that window continues to narrow, agencies may need to rethink traditional patch management and authorization processes.
Wenger pointed specifically to FedRAMP as an area where modernization could help accelerate security improvements.
“If you have something that’s going to be closing a vulnerability, you shouldn’t have to go back through a whole FedRAMP authorization process in order to be able to take care of fixing the problem,” he said.
He also highlighted recent federal efforts to identify unsupported and end-of-life technologies across agency environments. Asset inventories, firmware updates and lifecycle management programs will become increasingly important as AI-enabled tools make it easier to identify exploitable weaknesses in aging systems.
Federal agencies must first understand what technology they have deployed before they can effectively manage cyber risk, Wenger said.
“We’re never going to make progress against the problem if we don’t have any understanding of how big it is,” he said.
DIVE DEEPER: How agencies are navigating machine identity management.
Despite growing attention on AI-powered cyberattacks, Wenger said, the most effective defenses remain familiar ones.
Zero-trust architectures, least-privilege access controls, multifactor authentication, network segmentation and strong asset management practices continue to provide meaningful protection against both traditional and AI-enhanced threats.
That conclusion is also central to Cisco’s “Shields Up” guidance. The white paper argues that organizations should focus on accelerating adoption of proven cybersecurity controls while also exploring AI-powered defensive capabilities that can help protect legacy infrastructure and automate security operations.
AI is largely exposing weaknesses that already exist rather than creating entirely new attack categories, Wenger said.
The challenge for government agencies is that those weaknesses can now be discovered and exploited much faster.
“The kinds of things that you can do to reduce blast radius by isolating and segmenting, so that if something gets popped, you don’t have other things near it get popped — that’s always been good advice,” Wenger said. “But it’s all the more so at this moment.”
Security
Machine Identity Management: The Nonhuman Side of Federal Zero Trust
Artificial Intelligence
How Compute and Storage Infrastructure Support Federal AI Adoption
Visit Some Of Our Other Technology Websites:
Tap into practical IT advice from CDW experts
Copyright © 2026 CDW LLC 200 N. Milwaukee Avenue, Vernon Hills, IL 60061
Do Not Sell My Personal Information
