[{"_1":2,"_111":-5,"_112":-5},"loaderData",{"_3":4,"_26":27},"root",{"_5":6,"_17":10,"_18":19,"_20":21,"_22":10,"_23":-5,"_24":-5,"_25":10},"user",{"_7":8,"_9":10,"_11":10,"_12":-5,"_13":-5,"_14":15,"_16":-5},"roles",[],"isAuthenticated",false,"isPremium","planName","subscriptionStatus","featureFlags",{},"insightsBudget","isDevelopmentHost","userPreferences",{},"recaptchaSiteKey","6LcvOJcUAAAAAHsB-gPGfGktcRlKpH7OTIU_dMTD","isImpersonating","impersonation","affiliateStatus","isFreedomPortal","routes/v2/article/layout",{"_28":29,"_30":31},"notFound",true,"relatedArticles",[32,75,87,99],{"_33":34,"_35":36,"_37":38,"_39":40,"_41":42,"_43":44,"_45":46,"_47":48,"_49":50,"_51":52,"_53":54,"_55":56,"_57":58,"_59":60,"_61":62,"_63":64,"_65":66,"_67":68,"_69":70,"_71":72,"_73":72,"_74":72},"mediaId",6201752,"mediaKeyId","3789115-1a1296c5ffa2a560bdc2a925f5f0d564","parentId",3789115,"title","Rep. Higgins presses witnesses on risk when equity firms buy small infrastructure firms and drop cybersecurity","audioSeconds",283,"startMs",2529000,"endMs",2812000,"viewUrl","/Search/View?dp=1&key=3789115-1a1296c5ffa2a560bdc2a925f5f0d564&start=2529&end=2812","thumbnailUrl","https://assets.pipeline.soar.com/3789115-1a1296c5ffa2a560bdc2a925f5f0d564/thumbnail_2529000.jpg","articleUrl","/articles/6201752/Rep-Higgins-presses-witnesses-on-risk-when-equity-firms-buy-small-infrastructure-firms-and-drop-cybersecurity","mediaUrl","https://secure.pipeline.soar.com/6201752-ae8bac0d518c86e892d834306c22961b/orig.mp4?Expires=1770399880&Signature=QJuxBy05WIW1nqiV~w5FBzavpYRa9NUppGI8q6qJ8xdxRg61QROs~TXAnphwqhr3c5JJ345s-iBNdYobqrE3LopNbz3febOkFWqCe2B8zg2FS5QDb3R8auZ3gaQNcTVDtu77hX2YGDNUmBprTaIOtBIwO0c1kduUc4lb3ja4dWMxEiGQdBy6ir41bV-UEcXiyw1ml-qG9ipcy8V~cVVPTqpApNE-REUpBAdGeZv7L4DSKM-aDOfCGSt8pTotBl5eDMRCGOw0d1Zq~gkv7lkmm05-EWoSoEzlL9UY~KWXCxFqxnyyGmcqyBNY8KYGExBtZiyREMqIlqpVM5bRrG9KVw__&Key-Pair-Id=KUT5TJCACFTXG","author","U.S. House Committee on Homeland Security","date","2025-06-13T03:36:45Z","article","Representative Clay Higgins told the House Homeland Security Subcommittee he is investigating reports that equity firms buying small companies connected to critical infrastructure sometimes eliminate cybersecurity protections, creating windows of vulnerability that could be exploited by foreign or criminal actors.

Higgins described the pattern he said he has observed: firms purchase smaller companies in sectors such as energy, finance, transportation and supply chain, and some new owners reportedly “eliminate the cybersecurity contracts of those companies.” He asked witnesses whether the loss of protections for weeks or months after an acquisition could have irreversible impacts on critical infrastructure.

Steve Fale of Microsoft replied that removing cybersecurity protections from companies tied to critical sectors is “absolutely…a problem” and indicative of a broader inattention to cybersecurity among smaller firms. Kiran Chinnagongon Nagari of Securin echoed the concern, saying “there's a huge security risk by having these type of protections taken away from small businesses when they're either acquired or merged with other companies,” and that such companies can provide an “attack vector” to reach critical-sector customers, including government.

Witnesses did not propose specific statutory remedies during the hearing. Members asked for written follow-up and emphasized the need for better oversight and support for small firms that are part of critical supply chains. The committee did not take formal action during the session.","mediaType","Video","parentTitle","Security to Model: Securing Artificial Intelligence to Strengthen Cybersecurity","oneSentenceSummary","Rep. Clay Higgins asked industry witnesses whether the common private-equity practice of buying small infrastructure firms and cutting cybersecurity contracts poses long-term national security risks; witnesses agreed it creates significant vulnerabilities that can be exploited by threat actors.","taxTitle","Homeland Security: House Committee, Standing Committees - House & Senate, Congressional Hearings Compilation, Legislative, Federal","taxId",1831,"location","","headline","shortSummary",{"_33":76,"_35":36,"_37":38,"_39":77,"_41":78,"_43":79,"_45":80,"_47":81,"_49":82,"_51":83,"_53":84,"_55":56,"_57":58,"_59":85,"_61":62,"_63":64,"_65":86,"_67":68,"_69":70,"_71":72,"_73":72,"_74":72},6201757,"Witnesses urge red-teaming, shared datasets and secure-by-design standards for AI used in government systems",1559,3465000,5024000,"/Search/View?dp=1&key=3789115-1a1296c5ffa2a560bdc2a925f5f0d564&start=3465&end=5024","https://assets.pipeline.soar.com/3789115-1a1296c5ffa2a560bdc2a925f5f0d564/thumbnail_3465000.jpg","/articles/6201757/Witnesses-urge-red-teaming-shared-datasets-and-secure-by-design-standards-for-AI-used-in-government-systems","https://secure.pipeline.soar.com/6201757-91121b22a1507b1721e06d3800e3b254/orig.mp4?Expires=1770399880&Signature=iw11IwjqbYuzK63GdbNGjBxGLBcsNwk7FxHXOvc8ZjK5ebfYUUPmi3B4cDbQSBI5AlYH17VMezOHU09F35b1gzJQBukkUWvQDauVNMUZiJ8hqz9vqr7tfJiqs2DWX-TqJMbN-xwVan7vxr3ded48Nu7OHhoy2Z73PJi4ShLhv2DJG1BJkE0Ohvf0gtLfF5OF~QuGd1XIIxz1h6R0T~HfgNf50cyYHm28jzN9LzO81y0sPlFCWPY-eCIrKikAzg8C-oHhcYF3hSvtUd08HL6MdJc7jwmOBuv3wDipvNP2ez4hIwjE4ZUWeg~P1wwGVf6o0z3ILInNSN3o9yc-EO1IFA__&Key-Pair-Id=KUT5TJCACFTXG","Witnesses before the House Homeland Security Subcommittee recommended a coordinated program of red teaming, shared benchmark datasets, and secure-by-design requirements to help federal agencies and private-sector customers evaluate AI security without exposing sensitive production data.

Jonathan Danbrodt, CEO of Cranium, described his company’s red‑teaming platform, saying it allows developers to “pull [a system] into a place where we can simulate that system, attack it, provide vulnerability mitigation support, and then make sure that that system, whether it's preproduction or postproduction, is being monitored.” Danbrodt said red teaming should be scalable and integrated into development workflows.

Multiple witnesses supported the idea of public datasets and synthetic-data pipelines to enable benchmarking and validation. Steve Fale of Microsoft cited benefits from common datasets for comparison and testing, referencing NIST benchmarking activity as an example that “fuels innovation.” He noted agencies are often hesitant to provide production data for testing and recommended common benchmarks and synthetic data where necessary.

Kiran Chinnagongon Nagari proposed a transparency model akin to labeling for consumer products: “When you buy food or when you buy a drug, there is label and ingredients on it. You know exactly what you're consuming, so you know what the impact of it is. We need a similar one for AI, understanding the entire bill of materials, including the data.”

Witnesses also discussed secure hosting and access controls, with Microsoft stressing default secure-by-design choices in platforms such as Azure AI Foundry and Copilot Studio to help prevent accidental data exposure. Gareth McLaughlin and others emphasized that model outputs and prompts should be treated as potentially untrusted and instrumented for monitoring.

Members asked about legal protections for red-team researchers and whether the federal government should fund or enable red-teaming and benchmarking programs. Witnesses recommended clearer acquisition models, workforce readiness programs, and technical support to allow agencies to adopt secure AI tools confidently.","Witnesses told the House subcommittee that red teaming, transparency about training data, common benchmarks and secure-by-design practices are essential for trustworthy AI in federal systems and for enabling agencies to assess products without exposing sensitive data.",{"_33":88,"_35":36,"_37":38,"_39":89,"_41":90,"_43":91,"_45":92,"_47":93,"_49":94,"_51":95,"_53":96,"_55":56,"_57":58,"_59":97,"_61":62,"_63":64,"_65":98,"_67":68,"_69":70,"_71":72,"_73":72,"_74":72},6201761,"Industry witnesses tell House panel AI can scale cyber defense; vendors cite steep efficiency gains",164,1634000,1798000,"/Search/View?dp=1&key=3789115-1a1296c5ffa2a560bdc2a925f5f0d564&start=1634&end=1798","https://assets.pipeline.soar.com/3789115-1a1296c5ffa2a560bdc2a925f5f0d564/thumbnail_1634000.jpg","/articles/6201761/Industry-witnesses-tell-House-panel-AI-can-scale-cyber-defense-vendors-cite-steep-efficiency-gains","https://secure.pipeline.soar.com/6201761-eef3e1361bff752ca1a4cce2fcbb49b4/orig.mp4?Expires=1770399880&Signature=c38GXZi6aBFJgV7GbbR7AI1GXWiclGRhVaRo9KTqc0iSEA0ADqRfFCbtiR51J-yU~bPqtZSk2B8SFllMccr6EdL9kq7dvLuBl6Y1F41HKCLVYl~oxOczt9L4QCA0PZz4zLuFRM186XIR8npDzL1aJgcWgZFEi7Y17yAMKre7LtWTMFiylK~KqI09EQZX9GU-p0YNB7wRniYFxXoS4rwSd78H0cRSHr1DpIqATaijtP-irxF5I4ElnqiYBjPrhU-cNQrJqkdh67jfhyRvg5lHwieUsTwxx0fuVe3GqOtVbhujJklXK7hgEaDjWDoLitwFJERJ76KXigvnASddoYWEMA__&Key-Pair-Id=KUT5TJCACFTXG","Industry witnesses told the House Homeland Security Subcommittee that integrating artificial intelligence into cybersecurity operations can scale defenses and reduce human workload, but they cautioned that models and agentic systems require secure design and human review.

Steve Fale, Microsoft’s U.S. government security leader, said Microsoft protects customers from “more than 600,000,000 cyber attacks per day” and that the company has seen large gains from AI tools in operations. “As a result, we've seen a 34% decrease in mistakes, a 17% decrease in breaches, and a 30% faster time to incident resolution using this technology,” Fale said, citing results from Microsoft’s security copilot deployments.

Fale described an investigative example in which a prior, human-led inquiry cost “$640,000,” and Microsoft’s generative-AI–led approach achieved “the same result in an AI led investigation for only $80,” which he characterized as an “8,000 time increase in throughput.” Fale emphasized that human analysts still review AI outputs and that adoption must be paired with secure hosting and controls.

Gareth McLaughlin, chief product officer at Trellix, described agentic AI in security operations. He said Trellix uses commercial models and “builds our own frameworks to make sure we use those securely and safely.” McLaughlin said agentic systems can prepare investigative evidence before analysts arrive and that, in customer deployments, “the application of agentic AI effectively is a tenfold increase in the security operations capability that they have.” He added that his company “always distrust[s] it until proven otherwise” and keeps humans in the loop to verify outputs.

Kiran Chinnagongon Nagari of Securin emphasized that model capability increases attack surface and that “models with high reasoning capability are paradoxically more exploitable,” arguing for robust model security and adversarial testing before deployment.

Witnesses described both tactical uses—such as automated domain spoof detection that Fale said can reach “greater than 99% accuracy detecting these domains immediately”—and broader operational benefits for smaller security teams. At the same time, witnesses warned of new classes of threats, including AI-assisted phishing, deep fakes and polymorphic malware.

Committee members recorded these vendor claims and asked for written follow-up. The hearing included no votes on procurement or adoption; members asked witnesses to provide additional detail in the written record.","Microsoft, Trellix and other vendors told the House Homeland Security Subcommittee that AI tools can markedly improve detection and response, offering example metrics and use cases while cautioning that AI requires secure design and human oversight.",{"_33":100,"_35":36,"_37":38,"_39":101,"_41":102,"_43":103,"_45":104,"_47":105,"_49":106,"_51":107,"_53":108,"_55":56,"_57":58,"_59":109,"_61":62,"_63":64,"_65":110,"_67":68,"_69":70,"_71":72,"_73":72,"_74":72},6201766,"House Homeland Security hearing: witnesses urge federal baseline and enforceable AI guardrails to protect cybersecurity",648,961000,1609000,"/Search/View?dp=1&key=3789115-1a1296c5ffa2a560bdc2a925f5f0d564&start=961&end=1609","https://assets.pipeline.soar.com/3789115-1a1296c5ffa2a560bdc2a925f5f0d564/thumbnail_961000.jpg","/articles/6201766/House-Homeland-Security-hearing-witnesses-urge-federal-baseline-and-enforceable-AI-guardrails-to-protect-cybersecurity","https://secure.pipeline.soar.com/6201766-b459e4586921584936257f0f0908fbb4/orig.mp4?Expires=1770399880&Signature=kGiXI7X-VDvXtCmFlSx7y0MW09xrO5wZaWRpQNYnxZHiPrtAmVHjWKB4B2n4ovU696oyWV4fW8Ub2dObIojxsGDxUNZCr3LsJM4MxGkiTFX0okF~JwHHWkGjWy6CFmj-AdF492dGyGbZlTGTAIWv84~CX3C42HaJUTw~7xl5H24MaZacUGCt1815k6acCfDOx0CAuzYkycWDmIN2hfQ9cc6CkzmaWaDQ21bX76l3Ry3e2afpE88Q0Ek4UfofccG7Ewys4ZwY4SZp2HkJuA5gNPFtnP~cKnukTk0ERqTqL9heTH-NayLbdU-Aqrrkxi-m-C1HYdHphfVXIWJMNfOHfw__&Key-Pair-Id=KUT5TJCACFTXG","Witnesses testifying before the House Homeland Security Subcommittee on Cybersecurity Infrastructure Protection on Oct. 11 urged Congress to establish a federal baseline for securing artificial intelligence systems and called for enforceable guardrails to keep pace with rapidly evolving threats.

The hearing examined how AI systems can be secured, the risk posed by adversaries who use AI tools and how AI can strengthen cyber defense. Chairman Garbarino opened the hearing and said members would examine “the nexus between artificial intelligence or AI and cybersecurity.”

The core argument from several witnesses was that AI security cannot be left to a patchwork of state rules. Kiran Chinnagongon Nagari, cofounder and chief product and technology officer at Securin, told the subcommittee: “Securing AI models is not just about protecting algorithms.” He argued that model vulnerabilities become broader societal vulnerabilities as AI is embedded in health care, critical infrastructure and the economy. Nagari recommended a federal baseline “much like PCI or HIPAA developed in partnership with state, setting minimum standards by allowing for regional adaptation.”

Steve Fale, Microsoft’s U.S. government security leader, said the speed of adversary adoption requires urgent policy action. “There is no way to tackle this urgent national security issue without organizations, including the federal government, immediately embracing AI,” Fale said, while also urging secure-by-design approaches and workforce readiness to accompany adoption.

Jonathan Danbrodt, CEO and cofounder of Cranium, described the need for continuous, lifecycle security and governance: “Security should be treated as a first class concern in model design and training just as performance or accuracy is.” He warned that agentic systems—AI agents that take actions autonomously—introduce a new class of security risk and must be covered by lifecycle protections.

Several witnesses contrasted different policy approaches internationally and warned about a competitive dimension. Nagari said Chinese models often prioritize speed and scale while western models “tend to prioritize security and transparency,” a trade-off policymakers must weigh. Multiple witnesses recommended enforceable guardrails that can be updated as models evolve.

The committee also heard concerns about talent and capacity to secure AI. Chairman Garbarino said he had recently heard of “some of our best cybersecurity experts being directly approached by foreign leaders and being offered visas and funding for their research,” and warned of a potential “brain drain” from agencies including CISA, NIST and NSF. Witnesses echoed the urgency of workforce development and retention as part of a federal strategy.

Members noted existing federal tools and programs as models for a baseline but pressed witnesses on design and implementation. Several witnesses recommended transparency about model training data and a “bill of materials” to help purchasers and agencies evaluate AI products’ security posture. Danbrodt and others endorsed lifecycle governance, continuous monitoring and enforceable testing requirements.

The subcommittee left the record open for additional written testimony and asked witnesses to respond to follow-up questions. The hearing did not result in votes or specific legislation; members urged further work on a federal framework that can be coordinated with states and updated as AI evolves.","Witnesses at the House Homeland Security Subcommittee hearing urged Congress to establish enforceable federal baseline standards for AI security, warning that adversaries already weaponize AI and that fragmented state rules risk leaving gaps in national cyber defenses.","actionData","errors"]

Article not found

Rep. Higgins presses witnesses on risk when equity firms buy small infrastructure firms and drop cybersecurity

Witnesses urge red-teaming, shared datasets and secure-by-design standards for AI used in government systems

Industry witnesses tell House panel AI can scale cyber defense; vendors cite steep efficiency gains

House Homeland Security hearing: witnesses urge federal baseline and enforceable AI guardrails to protect cybersecurity