Congress Examines AI Cyber Threats to Critical Infrastructure

A House Homeland Security subcommittee convened on June 4 to examine how artificial intelligence is fundamentally reshaping cybersecurity threats to critical infrastructure, with particular focus on advanced AI models capable of discovering software vulnerabilities at machine speed.

The hearing, titled "The AI Security Landscape: How Frontier Models, Agentic AI, and AI Coding Tools Are Reshaping Cybersecurity and Critical Infrastructure Resilience," brought together industry leaders and policy experts to address emerging threats that Chairman Andy Ogles characterized as collapsing timelines that previously took skilled researchers months to accomplish.

Frontier models accelerate vulnerability discovery

Sandra Joyce, Vice President of Google Threat Intelligence, confirmed that her team recently discovered the first evidence of AI being used to develop a zero-day exploit by cybercriminals. She warned that while AI will help defenders harden software, adversaries may have short-term initiative to find and exploit vulnerabilities at scale.

Joyce outlined a concerning transition period where threat actors will use AI to discover novel vulnerabilities even as defenders work to integrate AI into development cycles. She emphasized that agentic orchestration will allow attackers to scale operations and move at unprecedented speed, taking advantage of slow patch cycles and human response times.

Google has pioneered what Joyce described as an "always-on four-step framework" for autonomous defensive control: prepare, scan and prioritize, remediate, and monitor. The goal is shifting from reactive response toward active prediction and accelerated remediation.

China's open-weight AI strategy raises concerns

Chairman Ogles devoted significant attention to national security risks posed by China's approach to AI development. He noted that while the United States leads in advanced frontier models that are largely closed and proprietary, Chinese labs are releasing open-weight models that anyone can download for free and run at a fraction of the cost.

The concern centers on what happens when foreign adversaries copy American models, strip out safety guardrails, and release them globally. Ogles warned that if capable Chinese models become the default foundation for developers worldwide, it could embed censorship and uncertain security into the global digital economy.

Chris Meserole, Executive Director of the Frontier Model Forum, testified that the cyber capabilities of the latest frontier models represent a clear trajectory rather than a sudden jump, aligning with empirical forecasts from over a year ago. He emphasized the need to strengthen public-private partnerships and information sharing channels.

Why it matters

The hearing signals congressional intent to closely oversee how CISA implements its responsibilities under President Trump's recent executive order on AI cybersecurity benchmarking. With AI models now capable of discovering and exploiting unknown vulnerabilities faster than human teams, the balance between offensive and defensive cyber capabilities is shifting rapidly. For critical infrastructure operators, the collapse of exploitation timelines means traditional patch management approaches are no longer adequate against AI-enabled adversaries.

The hearing testimony was first reported by Tech Policy Press.