The Cybersecurity and Infrastructure Security Agency is heading into one of the most dangerous periods in its history with its smallest workforce and most minimal influence over federal cyber strategy, even as artificial intelligence models threaten to supercharge attacks on the nation's power grids, banks, and water systems.
Since the start of 2025, CISA has shed roughly one-third of its personnel through buyouts and cuts. The White House budget proposal for the next fiscal year would slash another $707 million and eliminate as many as 766 additional full-time positions. The agency created in 2018 to protect federal systems and critical infrastructure operators has been systematically hollowed out.
The damage runs deeper than spreadsheets. CISA's chief AI officer departed last year with no replacement hired. The agency was left out of early access to Anthropic's Mythos, an advanced AI model that other government agencies received. Personnel losses and institutional uncertainty have fractured relationships with private industry partners who normally share threat intelligence with the agency, leaving those companies unsure which CISA officials still have authority to receive sensitive information.
At the root of the shrinking lies a personal grievance. When President Trump thinks of CISA, he recalls former director Chris Krebs, who publicly defended the integrity of the 2020 election. That comment, more than anything else, triggered the cascade of cuts and the agency's demotion in White House cyber deliberations, according to sources familiar with Trump's perspective.
CISA's acting director Nick Andersen has attended early White House discussions about AI-driven hacking risks convened by the Office of the National Cyber Director, but his presence has been largely symbolic. Industry sources describe CISA as "at the table, not in the game" as the administration formulates its response to emerging threats.
A draft executive order on AI security, postponed from Thursday, proposed reassigning CISA's traditional central role in detecting and warning about exploitable software flaws. Under the new arrangement, CISA would work alongside the NSA and Treasury to coordinate a vulnerability clearinghouse rather than lead the effort independently. It is a bureaucratic demotion at a moment when the opposite is needed.
Former White House cyber coordinators and DHS officials say CISA should be shaping policy discussions about threats to critical infrastructure, not waiting for marching orders from the White House. Michael Daniel, who held the cyber coordinator position under President Obama, noted that CISA normally provides policymakers with ground-level knowledge of how the threat landscape is shifting and how industry is adapting. That bench strength no longer exists.
Suzanne Spaulding, who led the office that eventually became CISA during a previous administration, was direct about the problem. "CISA should not be expected to sit back and wait to be given marching orders," she said. "They need to be part of developing that plan, part of understanding the risk and figuring out how we address it."
A partial reversal may be underway. The agency's acting director recently told staff that CISA plans to recruit more than 300 new employees for positions deemed mission critical, according to reporting from Federal News Network. Whether that announcement signals genuine commitment or a modest course correction remains unclear.
The agency still has no permanent director. Sean Plankey withdrew from consideration for the post earlier this year, leaving the position vacant.
Senator Gary Peters, the ranking Democrat on the Senate Homeland Security Committee, sounded an alarm about the risks of CISA's weakening. "Starving CISA of personnel, resources and leadership in this high-stakes environment puts our homeland security and national defense at risk," he told Axios.
Author James Rodriguez: "Gutting the agency responsible for defending critical infrastructure because of a 2020 election comment is security malpractice, especially when advanced AI models are about to transform what cyberattacks can do."
Comments