In response to growing interest in how rapid advances in artificial intelligence (AI) increase cybersecurity risks and how AI could be used to bolster cybersecurity defenses, the National Academies of Sciences, Engineering, and Medicine will produce a rapid expert consultation (REC) to assess the implications of AI for the cybersecurity landscape.
The REC will explore such questions as:

• How can AI be used—including in combination with advances in other technology areas such as formal methods—to better identify and mitigate (defense) or exploit (offense) cyber vulnerabilities?
• How can AI be used to augment defensive and offensive operations, such as the scale implications of automation?
• What are the cybersecurity implications of AI system vulnerabilities such as model poisoning and adversarial inputs?
• Given that human-systems interactions are a major source of cyber risk, how will AI’s capabilities for deception and automation bolster efforts to exploit and mitigate these human behavioral vulnerabilities?
• Given the current lack of reliable metrics for cybersecurity, what kinds of metrics could be used to track changes in AI-related cyber risk or attacker–defender advantage?
• What other information could be collected to better track and understand the impact of AI on cyber resiliency

Building on this exploration, the REC will address urgent questions such as the following:

• How might AI shift the balance between defense and offense?
• What are the implications of AI advances for cyber operations, workforce development and human capital, R&D investments, and organizational and national strategies—and what steps might governments and private organizations take in response?

This effort will build on a body of National Academies work including 2025 studies of hard problems in cybersecurity and defense software assurance and will be informed by expert input and relevant technical literature. This REC is intended to inform private-sector and government decision-making but will not include formal findings, conclusions, recommendations, or policy advice.