Supercharged Threats, Automated Defenses: AI's Double-Edged Sword

The Executive Order on Advanced AI Innovation and Security: What Businesses Need to Know

In this episode of AI Security and the Law, hosts Stephen Lilley and Veronica Glick sit down with Daniel Castro, President of the Information Technology and Innovation Foundation (ITIF), to unpack the latest executive order on artificial intelligence and cybersecurity. The conversation explores how AI is fundamentally changing the economics of cyberattacks, making it cheaper and easier for threat actors to exploit longstanding vulnerabilities at scale, and what the federal government's response means for critical infrastructure operators, state and local authorities, and private sector businesses alike. Castro offers insights on the executive order's three operative sections, including efforts to upgrade federal systems, the voluntary 30-day review process for frontier AI models, and the prioritization of criminal prosecution of AI-enabled cyber threats. The episode also touches on the broader policy landscape, including the bipartisan Great American AI Act, underscoring that this is a rapidly evolving area with significant implications for global businesses.

Supercharged Threats, Automated Defenses: AI's Double-Edged Sword

In this kickoff episode of AI Security and the Law, hosts Stephen Lilley and Veronica Glick welcome cybersecurity leader Jeff Greene of Civira Partners—a veteran of DHS' Cybersecurity Infrastructure and Security Agency, the National Security Council in the White House, NIST, the Senate, and various private sector roles—for a wide-ranging conversation on AI and security. They discuss implications for businesses of AI models enabling vulnerability exploitation at unprecedented speed and scale; meeting the moment through rapid AI adoption while limiting security debt and associated legal risks; and why foundational cybersecurity practices and resilience remain critical even as companies manage distinctive threats to AI tools. While expecting the cat-and-mouse dynamic between attackers and defenders to continue, Jeff argues that organizations should prepare to cede more decision-making to automated defenses that operate at machine speed and adjust their cybersecurity programs to meet this new reality.