For government agencies, the cybersecurity paradigm is undergoing a seismic shift. The traditional model—waiting for an attack, detecting the breach, and then scrambling to react—is fundamentally broken. It’s too slow, too resource-intensive, and consistently leaves organizations a step behind sophisticated adversaries.
With the recent Executive Order “Sustaining Select Efforts To Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144,” the Trump administration has signaled the continued need for U.S. federal agencies to embrace AI for cyber defense. As the U.S. government is looking to increase efficiency and more proactively counter cyber threats from nation-state and criminal threat actors, AI is being recognized as a crucial capability to help achieve these goals.
However, let’s be clear: AI is not here to replace the federal cybersecurity workforce, but to augment it by automating tasks that humans simply cannot perform at scale. Dataminr’s AI, including Intel Agents, handles the immense volume and velocity of public data to pinpoint emerging risks and deliver critical context. This frees cybersecurity professionals from overwhelming manual monitoring and data sifting, allowing them to focus their expertise on high-level analysis, strategic decision-making, and decisive action—ultimately making them more effective and efficient.
The future, demanded both by the threat landscape and strategic policy, is proactive defense. We must stop chasing threats and start getting ahead of them, using technology to anticipate and neutralize attacks before they can cause harm.
This proactive revolution is being fueled by the potent combination of artificial intelligence (AI) and the strategic analysis of publicly available data, which together also create more efficiencies in the federal cybersecurity workforce.
Escaping the Reactive Rut
Think about the traditional security operations center (SOC): analysts wade through floods of alerts, often generated after malicious activity has already occurred. They investigate indicators of compromise (IoCs) from past events, respond to firewall alerts triggered by active connections, and perform emergency patching after a vulnerability has been successfully exploited. This reactive cycle suffers from critical flaws:
- Always behind: Action only begins after the adversary has made a move.
- Analyst overload: Humans struggle to process the sheer volume and velocity of data and alerts.
- Inability to scale: Scaling defense means linearly adding personnel, raising cost.
- Missed threats: Subtle indicators or novel attack vectors are often lost in the noise until it’s too late.
- Lack of visibility: Relying on third-party vendors to provide notice of a cyber breach is not sufficient.
The Proactive Leap: AI and Publicly Available Data Enable Foresight
AI and publicly available data enable us to break free from this cycle by providing foresight:
- Anticipating adversary actions: Instead of waiting for IoCs, AI analyzes public data (dark web forums, social media, code commits, news) to understand intent and preparation. It identifies threat actors discussing targets, developing tools, or registering infrastructure before campaigns launch. This is about knowing what might happen, not just what has happened.
- Identifying vulnerabilities before exploitation: AI correlates known vulnerabilities (from public databases like CVE) with an agency’s likely technology footprint, which is visible through public records or passive scanning, predicting which weaknesses are most likely to be targeted next based on global threat trends seen in open data. This helps agencies fix the hole before the attacker finds it.
- Continuous third-party risk monitoring: AI continuously analyzes public data (threat actor forums, dark web chatter, vulnerability disclosures) for real-time indicators of threat actors targeting government supply chain partners. This allows for early detection of potential compromises or targeting intent aimed at exploiting third-party relationships to access government networks.
Technology-Enabled Preemption: Proactive Defense in Action
This foresight translates directly into automated, preemptive actions—the core of proactive defense:
- Proactive detection of third-party compromise vs. reactive incident response: Instead of reacting after an attack is launched from a compromised supplier, AI continuously and proactively monitors public data—such as threat actor forums, C2 infrastructure analysis, breach chatter, and more—for real-time indicators that specific agency partners are being actively targeted or compromised as a stepping stone. Detecting this initial compromise activity or targeting intent lets the agency preemptively adjust security controls related to that partner (e.g., heightened monitoring, connection isolation) before the attackers can pivot to the agency network.
- Preemptive blocking vs. reactive blocking: Instead of blocking an IP address after it attacks the firewall, AI uses predictive intelligence to identify malicious infrastructure (like fast flux networks) and automatically instructs security tools to block it before it can even launch an attack attempt.
- Proactive patching vs. emergency patching: Rather than scrambling to patch a system after detecting an exploit attempt, AI identifies when a vulnerability is being actively weaponized (based on public chatter/exploit sales) and triggers automated, prioritized patching before the agency is targeted.
- Infrastructure takedown vs. post-attack cleanup: Instead of dealing with the fallout of a successful phishing campaign, AI identifies the malicious domain during setup and initiates automated takedown requests before it can defraud constituent services or employees.
Why Proactive AI is “Tech with People”
The administration’s focus on greater efficiency within government aligns perfectly with expanding AI’s role in cyber defense. This approach isn’t about replacing humans but leveraging AI to scale with people and resources. AI’s value lies in cutting through the noise, providing cybersecurity teams with the visibility and context they need to make critical decisions that only humans can.
- Machines can see patterns: AI platforms with holistic views not only help detect signals in the noise but also start to identify initial anomalous indicators within publicly available data sources.
- Efficiency as a force multiplier: By handling the time-consuming work of identifying external risks, AI reduces resource strain on teams. This lets skilled personnel focus on high-value tasks like strategic planning, proactive risk management, and solving complex, unique challenges—ultimately driving greater security outcomes without increasing headcount.
- Scalable defense through foresight: AI empowers teams to anticipate threats by analyzing massive datasets in real time. This helps security teams stay ahead of evolving risks, adapting faster than adversaries can.
- Human ingenuity at the forefront: While AI takes charge of repetitive, time-critical tasks, human teams bring creativity, judgment, and strategic insight to ensure precise, effective decision-making.
This collaborative approach transforms AI into a critical partner in cyber defense, helping government agencies strengthen security, scale resources, and maximize their existing capabilities for preemptive protection.
The Future is Proactive
For public sector organizations, particularly in the U.S. federal space, clinging to a reactive cybersecurity posture is no longer viable. The threats are too fast, the stakes too high, and the strategic direction clear. The proactive revolution, powered by AI analyzing open data to drive automated mitigation, isn’t just an improvement—it’s the necessary future.
It’s time for public sector organizations and agencies to fully commit to this shift by investing in the technologies and strategies that allow us to get ahead and stay ahead of cyber threats. This will enable us to truly defend our critical systems and public trust by stopping attacks before they occur.