AI cyber risks, China concerns dominate US hearing
Washington, June 7
Artificial intelligence is dramatically changing the cybersecurity landscape, creating powerful new tools for defence while also giving criminals and hostile states new ways to attack critical infrastructure, technology experts and lawmakers warned during a US Congressional hearing.
The hearing came days after President Donald Trump signed an executive order directing federal agencies to develop a framework for evaluating advanced AI cyber capabilities and expanding access to frontier AI models for government and critical infrastructure operators.
Experts told members of the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection that AI is accelerating the discovery of software vulnerabilities, increasing the speed of cyber attacks and intensifying competition between the United States and China.
"These models are already reshaping the threat landscape, and the federal government cannot be the last to understand what they can do," Subcommittee Chairman Andy Ogles said.
Sandra Joyce, Vice President of Google Threat Intelligence Group, said AI is already being used by cyber criminals.
"Those concerns were validated recently when we discovered evidence for the first time that AI was used to develop a zero-day exploit by cyber criminals," Joyce testified.
She said attackers are increasingly using AI to identify vulnerabilities and move through networks faster than traditional security teams can respond.
"Threat actors are able to move rapidly before and after gaining access to a network using AI. They can take advantage of vulnerabilities faster than we can patch, and they can move rapidly through networks using autonomous agents," she said.
Chris Meserole, Executive Director of the Frontier Model Forum, said advanced AI systems present both opportunities and dangers.
"An agent that finds zero-day vulnerabilities can protect us in the hands of a defender but expose us in the hands of an attacker," he said.
Meserole warned that foreign competitors could use a technique known as "adversarial distillation" to replicate the capabilities of advanced AI systems while stripping away safety protections.
"Foreign actors can use distillation to accelerate their own AI development and leverage the capabilities they gain against US critical infrastructure," he said.
Jack Cable, Chief Executive Officer of Corridor Security and a former adviser at the Cybersecurity and Infrastructure Security Agency, said AI is increasing both the scale and speed of cyber risks.
"The central challenge is not that AI creates new categories of vulnerabilities. It's that AI dramatically increases the speed and scale at which vulnerabilities can be introduced, found, and exploited," he said.
Cable argued that governments and companies should focus on preventing vulnerabilities before software is deployed rather than relying solely on fixing problems after they are discovered.
China emerged repeatedly during the hearing as lawmakers questioned witnesses about the growing global influence of Chinese AI models.
Witnesses warned that low-cost Chinese AI systems could become widely adopted across software development, cloud computing and critical infrastructure if the United States fails to remain competitive.
"I don't think there's prize for second place in the AI race, nor is there one in the quantum race," Joyce said.
She said Chinese cyber groups have already demonstrated their ability to infiltrate critical infrastructure networks, making AI leadership a matter of national security.
Democratic lawmakers raised concerns about privacy, surveillance and civil liberties. Matthew Guariglia, a senior policy analyst at the Electronic Frontier Foundation, cautioned that AI could significantly expand government surveillance capabilities unless accompanied by stronger safeguards and transparency requirements.
— IANS
Reader Comments
As someone working in cybersecurity in Bangalore, I completely agree with the experts here. AI is making attacks faster and more sophisticated. But I wish the hearing also discussed how developing countries like India can protect themselves without depending entirely on US or Chinese tech. We need our own AI security frameworks.
The "zero-day exploit developed by AI" part is terrifying. If cyber criminals can now use AI to find vulnerabilities we don't even know about, we're in for a tough time. India needs to invest heavily in AI-based defense systems, not just for the military but for our banking and healthcare infrastructure as well.
Good hearing but I wish they covered more about privacy implications. The lawmaker's concern about surveillance is valid - AI can be a double-edged sword. In India, we've seen how digital tools can be misused for surveillance without proper safeguards. Need strong transparency requirements like the experts suggested.
Very telling that China keeps coming up. We in India see this firsthand - our tech sector is caught between US and China competition. The "adversarial distillation" technique is worrying - if Chinese companies can replicate advanced AI without safety features, it's a global security issue, not just for US. Time for international cooperation on AI safety standards.
What about the human cost? As AI takes over cybersecurity jobs, millions in India's IT sector will be affected. We're already seeing layoffs in tech. Need policies for retraining and upskilling, not just debates about China vs US. Also, the focus on stopping attacks before deployment is smart - prevention is better than cure.
We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.