Smart Data and Zero Trust: Staying Ahead of AI-Driven Threats

Artificial intelligence has created new cybersecurity threats, and state and local governments are prime targets. But agencies can also use AI to defend themselves as part of a zero-trust approach.

Artificial intelligence is transforming cybersecurity — both as a tool for attackers and a defense mechanism for state and local governments. As government agencies integrate AI and machine learning (ML) into their workflows and mission operations, adversaries are doing the same, using AI to increase the sophistication of their ransomware attacks and phishing campaigns.

A recent EY public-sector-focused survey revealed that over half (51 percent) of respondents report using an AI application either daily or several times a week. Without a proper security strategy in place, sensitive citizen data can be exposed and retained by third-party AI models or be used to train external systems.

HOW AI ATTACKS HAVE EVOLVED


Adversaries are leveraging AI to transition from broad ransomware attacks and phishing campaigns to more highly targeted social engineering tactics that exploit human error. Years ago, phishing campaigns were easy to spot: awkward phrasing, poor grammar, and clunky formatting, such as starting off an email or text with “Hello, dear.” But AI has changed that. Today, AI can generate perfectly worded, context-aware messages that mimic someone’s tone, cadence, and writing style. The idea that the problem is due to an "irresponsible user" is no longer true. These sophisticated phishing attacks can fool even veteran cyber professionals.

This evolving threat landscape is particularly concerning for state and local governments. A recent report by the Multi-State Information Sharing and Analysis Center revealed that state and local communities are facing a rise in cyber threats from criminal groups and those associated with nation-states. With their responsibility for essential public services and vast stores of sensitive data — from emergency response to public health and municipal finance — state and local governments are lucrative targets for threat actors aiming to cause widespread disruption. Knowing agencies are under pressure to restore services quickly, threat actors exploit that urgency to demand payment. Even with backups, actors can escalate attacks by stealing and leaking sensitive government data to force ransoms. Most agencies operate with limited resources and aging IT infrastructures that lack modern security protections, including VPNs, making it challenging for agencies to maintain security and leaving them more vulnerable to attacks.

COMBATTING AI-DRIVEN THREATS


To keep up with these threats, state and local agencies must strengthen the most critical part of their security strategy: their data. AI and ML tools can help identify and respond to risks faster, but only if the data behind them is accurate and trustworthy. Bad data leads to bad decisions: It can throw off threat detection, misguide automated systems and create vulnerabilities that attackers are ready to exploit. For example, some agencies only use intrusion prevention systems (IPS) to watch for threats instead of stopping them, often because they don’t trust the tools to make the right decisions, fearing that poor or incomplete data could lead to false positives or missed threats. This cautious approach reflects a deeper issue: When data isn’t clean, comprehensive or reliable, it undermines confidence in automated systems and ultimately weakens cybersecurity defenses. For AI to truly support defense, agencies must treat clean, reliable data as a core security asset.

In addition to that, agencies must adopt a security model that ensures agility and visibility into critical systems, prevents lateral movement, detects threats, and contains breaches. Enter zero trust.

Zero trust is a security model that eliminates implicit trust. Unlike traditional perimeter-based monitoring efforts, it verifies users both outside and inside the network and ensures users only access what they need. Even if attackers gain entry, microsegmentation blocks them from moving deeper into systems, accessing high-value assets and exfiltrating data. With real-time inspection of encrypted traffic, microsegmentation helps stop ransomware before it spreads — containing operational disruptions and increasing resiliency.

To build a zero-trust architecture and microsegmentation capabilities, agencies must identify the following:
  • What is the attack surface?
  • Where are the places your agency might be the most vulnerable?
  • What servers are not patched?
  • What are the agency’s high-value assets?

Within the zero-trust model, AI accelerates key processes, including implementing day-one policies: predefined security rules and access controls enforced immediately when a user, device or application first connects to a network or system. With the right data, both government and industry can optimize AI to deliver actionable insights, enabling proactive defenses against evolving cyber threats.

Threat actors will not wait for governments to be ready to defend themselves; they will attack now, when agencies are unprepared and at their most vulnerable. Keep in mind that we now live in a world where if you’re reachable, you’re breachable. But by prioritizing good data, and embracing AI, zero trust, and microsegmentation security measures, governments can stay ahead of adversaries, safeguard critical citizen services and bolster security protections.

Hansang Bae is the public sector chief technologist at Zscaler, where he supports public-sector organizations in their mission to transform and modernize securely.