The biggest threat to artificial intelligence (AI) in government isn’t hype – it’s inertia. As Federal agencies explore opportunities to integrate AI into mission operations and citizen service functions (alongside efforts to improve efficiency and reduce costs), they face roadblocks: leadership gaps, legacy infrastructure, and cybersecurity risk management bottlenecks.
A new study from MeriTalk, Tech Tonic: 2025 Federal CAIO Outlook, highlights a widening gap between ambition and execution. While AI use cases across government have doubled in the past year, many agencies are still stuck in pilot mode – hamstrung by limited authority, underfunded initiatives, and a narrow focus on governance. For cybersecurity leaders, that gap represents more than a missed opportunity. It’s a growing risk vector that demands increased attention as AI initiatives move forward.
“AI presents a transformative opportunity for government to lead with resilience and innovation by incorporating security at every stage. For effective adoption of AI in cyber operations, we must stay ahead of increasingly sophisticated cyber threats. Thus, it is imperative that pilots move to production so that challenges with operationalizing AI are addressed swiftly and proactively. Meanwhile, by empowering CAIOs, investing in powerful infrastructure, and taking a security-first approach, agencies can scale responsibly and deliver real mission impact.” – Dean Koester, Public Sector Vice President, NVIDIA
AI Cyber Risk – and Responsibility – Are Mounting
Federal Chief AI Officers (CAIOs) overwhelmingly agree on the transformative potential of AI – 85% say it will transform agency operations by 2030. But cybersecurity and risk management have become central to the AI conversation: 57% of CAIOs rank implementing security, privacy, and risk management as a top-three priority for 2025.
Additionally, just 29% of CAIOs say they currently have the authority needed to advocate for meaningful change. And 66% report their agency lacks the infrastructure, talent, and funding to meet AI goals.
These shortfalls can significantly impact cyber posture. Unsecured models, unvetted tools, and fragmented governance all increase the surface area for attack. With more AI tools in play, the risk isn’t abstract – it’s operational.
Growing Governance Alongside Execution
CAIOs report strong internal backing for AI governance and compliance – currently their most supported initiative area. But support drops off sharply for more strategic needs. Scaling infrastructure and computing, expanding AI talent, and strengthening interagency collaboration all rank as some of the lowest on the leadership support scale – even though they’re critical for secure implementation.
The takeaway is clear: governance isn’t just red tape – it’s the roadmap. But without infrastructure and talent to execute, that roadmap leads nowhere.
Security Starts with Authority
The report highlights a leadership paradox: while 88% of CAIOs hold multiple titles, 100% say the CAIO role should be full-time and stand-alone. Lack of structural authority is slowing progress – and cybersecurity is caught in the fallout.
Agencies operating in compliance-first mode may appear risk-aware, but there are blind spots – pilot tools that aren’t hardened, AI services without defined ownership, and models that operate outside enterprise visibility. As AI use grows, so does the risk of unmanaged endpoints and shadow AI.
Scaling AI Without Breaking Trust
Agencies that have started scaling AI are seeing results. But these scaling efforts should include foundational cybersecurity planning, from the onset – and as use cases increase in complexity.
Integration with legacy systems remains a major challenge, with 50% of CAIOs citing it as a top barrier. That’s a critical inflection point: every legacy interface added to an AI implementation increases the likelihood of vulnerability. And as data quality and accessibility issues persist – identified by 67% of CAIOs – AI tools may be built on shaky ground, further compounding cybersecurity concerns.
“Embedding security into AI from the beginning isn’t optional; it’s the foundation for resilient and transformational outcomes. For federal agencies to scale AI responsibly, robust, scalable infrastructure and proactive security measures must go hand in hand. At Dell, we’ve witnessed how public-private collaboration can bridge the gap between AI’s promise and secure implementation, unlocking value while mitigating risk. By prioritizing data quality and protection, accessibility, and integrated safeguards, we can build resilient AI systems that empower governments to lead with confidence, trust, and a commitment to delivering meaningful impact.” – Bobbie Stempfley, Vice President and Business Unit Security Officer, Dell Technologies
Action Items for Cyber Leaders
The road to secure, scalable AI isn’t just a technology problem, it’s an organizational one. To move forward safely, cybersecurity and IT leaders can take steps including:
- Assert joint ownership of AI security architecture. Integrate CAIO efforts with enterprise security teams from day one – not after a tool is deployed
- Advance zero trust principles into AI deployments. AI tools must meet the same access control, segmentation, and continuous verification standards as other digital assets
- Push for infrastructure modernization as a security imperative. Cyber risk multiplies when outdated systems are forced to host next-gen tools. Modernizing backend environments isn’t just about performance – it’s about protection
- Invest in AI-specific workforce training. Threat modeling, red teaming, and AI system auditing require specialized skills that most cyber teams don’t yet have
- Close governance gaps with transparent workflows. Use standardized pipelines and approval gates for AI tool development, deployment, and updates
The AI opportunity is real. Hardened infrastructure and security-first execution will deliver against this once-in-a-generation opportunity and deliver real mission impact.
Read MeriTalk’s full 2025 Tech Tonic: Federal CAIO Forecast
About the Author
The voice of tomorrow’s government today, MeriTalk is government IT’s top digital platform. Our award-winning editorial team and world-class events and research staff produce unmatched news, analysis, and insight. The goal: more efficient, responsive, and citizen-centric government. MeriTalk connects with an audience of 160,000 Federal community contacts. For more information, visit www.meritalk.com or follow us on X, @MeriTalk. MeriTalk is a 300Brand organization.
