{"id":5719,"date":"2024-10-10T10:27:57","date_gmt":"2024-10-10T15:27:57","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=82076"},"modified":"2024-10-10T10:27:57","modified_gmt":"2024-10-10T15:27:57","slug":"cisa-official-ai-tools-need-to-have-a-human-in-the-loop","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/10\/10\/cisa-official-ai-tools-need-to-have-a-human-in-the-loop\/","title":{"rendered":"CISA official: AI tools \u2018need to have a human in the loop\u2019"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>CISA official: AI tools \u2018need to have a human in the loop\u2019 | FedScoop<\/title> <meta name=\"description\" content=\"Lisa Einstein, the cyber agency\u2019s chief AI officer, made the case at two D.C. events for \u201cstrong human processes\u201d when using the technology.\"> <link rel=\"canonical\" href=\"https:\/\/fedscoop.com\/cisa-chief-ai-officer-lisa-einstein-cyber-ai-policy\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"CISA official: AI tools \u2018need to have a human in the loop\u2019\"> <meta property=\"og:description\" content=\"Lisa Einstein, the cyber agency\u2019s chief AI officer, made the case at two D.C. events for \u201cstrong human processes\u201d when using the technology.\"> <meta property=\"og:url\" content=\"https:\/\/fedscoop.com\/cisa-chief-ai-officer-lisa-einstein-cyber-ai-policy\/\"> <meta property=\"og:site_name\" content=\"FedScoop\"> <meta property=\"article:published_time\" content=\"2024-10-10T15:24:44+00:00\"> <meta property=\"article:modified_time\" content=\"2024-10-10T15:24:45+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-official-ai-tools-need-to-have-a-human-in-the-loop-1.png\"> <meta property=\"og:image:width\" content=\"1779\"> <meta property=\"og:image:height\" content=\"976\"> <meta property=\"og:image:type\" content=\"image\/png\"> <meta name=\"author\" content=\"mbracken\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"FedScoop \u00bb Feed\" href=\"https:\/\/fedscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"FedScoop \u00bb Comments Feed\" href=\"https:\/\/fedscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/fedscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1725982252g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/fedscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1725466133g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/fedscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1728062707g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ada0ad45b21fc79c6694\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/fedscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/fedscoop.com\/wp-json\/wp\/v2\/posts\/81478\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/fedscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.6.2\">\n<link rel=\"shortlink\" href=\"https:\/\/fedscoop.com\/?p=81478\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/fedscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Ffedscoop.com%2Fcisa-chief-ai-officer-lisa-einstein-cyber-ai-policy%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/fedscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Ffedscoop.com%2Fcisa-chief-ai-officer-lisa-einstein-cyber-ai-policy%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/fedscoop.com\/wp-content\/uploads\/sites\/5\/2023\/01\/cropped-fs_favicon-3.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/fedscoop.com\/wp-content\/uploads\/sites\/5\/2023\/01\/cropped-fs_favicon-3.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/fedscoop.com\/wp-content\/uploads\/sites\/5\/2023\/01\/cropped-fs_favicon-3.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/fedscoop.com\/wp-content\/uploads\/sites\/5\/2023\/01\/cropped-fs_favicon-3.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-81478 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/fedscoop.com\/cisa-chief-ai-officer-lisa-einstein-cyber-ai-policy\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.51028277635\">\n<div class=\"single-article__header-content\" readability=\"33\">\n<p> Lisa Einstein, the cyber agency\u2019s chief AI officer, made the case at two D.C. events for \u201cstrong human processes\u201d when using the technology. <\/p>\n<p> <!-- Listen to this article section --> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"351\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-official-ai-tools-need-to-have-a-human-in-the-loop.png?resize=640%2C351&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-official-ai-tools-need-to-have-a-human-in-the-loop-1.png 1779w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-official-ai-tools-need-to-have-a-human-in-the-loop-1.png?resize=300,165 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-official-ai-tools-need-to-have-a-human-in-the-loop-1.png?resize=768,421 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-official-ai-tools-need-to-have-a-human-in-the-loop-1.png?resize=1024,562 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-official-ai-tools-need-to-have-a-human-in-the-loop-1.png?resize=1536,843 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-official-ai-tools-need-to-have-a-human-in-the-loop-1.png?resize=600,329 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-official-ai-tools-need-to-have-a-human-in-the-loop-1.png?resize=1200,658 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-official-ai-tools-need-to-have-a-human-in-the-loop-1.png?resize=1500,823 1500w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> CISA Chief AI Officer Lisa Einstein speaks during a panel discussion at the NVIDIA AI Summit in Washington, D.C., on Oct. 9, 2024. (Screenshot) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"46.569769730368\"><body readability=\"94.68462052081\"><\/p>\n<p>An abbreviated rundown of the Cybersecurity and Infrastructure Security Agency\u2019s artificial intelligence work goes something like this: a dozen <a href=\"https:\/\/www.cisa.gov\/ai\/cisa-use-cases\">use cases<\/a>, a pair of completed <a href=\"https:\/\/www.cisa.gov\/topics\/partnerships-and-collaboration\/joint-cyber-defense-collaborative\/Joint-Cyber-Defense-Collaborative-Artificial-Intelligence-Cyber-Tabletop-Exercise-Series\">AI security tabletop exercises<\/a> and a <a href=\"https:\/\/www.cisa.gov\/sites\/default\/files\/2023-11\/2023-2024_CISA-Roadmap-for-AI_508c.pdf\">robust roadmap<\/a> for how the technology should be used.<\/p>\n<p>Lisa Einstein, who took over as <a href=\"https:\/\/fedscoop.com\/cisa-chief-ai-officer-lisa-einstein\/\">CISA\u2019s first chief AI officer in August<\/a> and has played a critical role in each of those efforts, considers herself an optimist when it comes to the technology\u2019s potential, particularly as it relates to cyber defenses. But speaking Wednesday at two separate events in Washington, D.C., Einstein mixed that optimism with a few doses of caution.<\/p>\n<p>\u201cThese tools are not magic, they are still imperfect, and they still need to have a human in the loop and need to be used in the context of mature cybersecurity processes,\u201d Einstein said during a panel discussion at <a href=\"https:\/\/www.nvidia.com\/en-us\/events\/ai-summit\/\">NVIDIA\u2019s AI Summit<\/a>. \u201cAnd in some ways, this is actually good news for all of us cybersecurity practitioners, because it means that doubling down on the basics and making sure we have strong human processes in place remains super critical, even as we use these new tools for automation.\u201d<\/p>\n<p>At <a href=\"https:\/\/predict.recordedfuture.com\/event\/dc\/websitePage:e51a1ea3-4efb-454f-a3cf-906e0ddb109e\">Recorded Future\u2019s Predict 2024 event<\/a> later in the day, Einstein doubled down on those comments, noting that the \u201cAI gold rush\u201d happening across the tech sector now has people perhaps overly excited about AI-generated code. In reality, there\u2019s plenty to be concerned about with AI as it\u2019s observed \u201cechoing previous generations of software security issues.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cAI learns from data, and humans historically are really bad at building security into their code,\u201d she said. \u201cThe human processes for all of these security inputs are going to be the most important thing. Your software assurance processes, it\u2019s not going to be just fixed with some magical, mystical AI tool.\u201d<\/p>\n<p>Assessments of that kind from Einstein are possible thanks in part to CISA\u2019s decades-long experience with commercial AI products, as well as the agency\u2019s more recent work with a handful of bespoke tools. She specifically cited a reverse malware engineering system that leverages machine learning to aid analysts in diagnosing malicious code.<\/p>\n<p>For that AI tool and others like it, Einstein said, human review is still absolutely critical.<\/p>\n<p>\u201cWe don\u2019t yet have a situation where there\u2019s some AI agent doing all of our cyber defense for us,\u201d she said. \u201cAnd I think we have to be realistic about how important it is to still keep humans in the loop across all of our cybersecurity use cases.\u201d<\/p>\n<p>CISA has been able in recent months to drive home that human-centered case through two tabletop exercises led by the Joint Cyber Defense Collaborative. Einstein spoke at both Wednesday events about JCDC\u2019s AI efforts, highlighting the agency\u2019s decision to enlist new industry partners specializing in the emerging technology.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cAI companies are part of the IT sector, that\u2019s part of critical infrastructure, and they need to understand how they can share information with CISA and with each other in the wake of possible AI incidents or threats,\u201d she said.<\/p>\n<p>The JCDC\u2019s first AI security tabletop exercise was held in June and the second was completed \u201cjust a couple weeks ago,\u201d Einstein said. Next up for the group will be the publication this fall of an AI security incident collaboration playbook, which she hopes will be \u201cuseful \u2026 in the context of future threats and incidents.\u201d<\/p>\n<p>\u201cWhat we hope is that that community will be able to keep building this muscle memory of collaboration,\u201d she said, \u201cbecause it\u2019s a terrible time to make new collaboration during a crisis. We need to have these strong relationships increase trust ahead of whatever crisis might happen.\u201d<\/p>\n<p>Part of CISA\u2019s crisis planning in the months ahead will come in the form of its second set of risk assessments required by the White House\u2019s AI executive order. Einstein said the agency is already \u201cdeep\u201d into that second round of assessments, on track for a January delivery date. In the meantime, Einstein has a few words of advice for public or private-sector cyber officials as they consider using the technology.<\/p>\n<p>\u201cDon\u2019t be a solution looking for a problem; become obsessed with the problem you\u2019re trying to solve, and then use the best available automation or human to fix that problem,\u201d she said. \u201cJust because you have an AI hammer doesn\u2019t mean that everything\u2019s a nail, right?\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"4.1482112436116\">\n<div class=\"author-card\" readability=\"15\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-official-ai-tools-need-to-have-a-human-in-the-loop.jpg?w=640&#038;ssl=1\" alt=\"Matt Bracken\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Bracken<\/h4>\n<p> Matt Bracken is the managing editor of FedScoop and CyberScoop, overseeing coverage of federal government technology policy and cybersecurity. Before joining Scoop News Group in 2023, Matt was a senior editor at Morning Consult, leading data-driven coverage of tech, finance, health and energy. He previously worked in various editorial roles at The Baltimore Sun and the Arizona Daily Star. You can reach him at matt.bracken@scoopnewsgroup.com. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">FedScoop TV<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to FedScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/fedscoop.com\/cisa-chief-ai-officer-lisa-einstein-cyber-ai-policy\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA official: AI tools \u2018need to have a human in<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[235],"tags":[236],"class_list":["post-5719","post","type-post","status-publish","format-standard","hentry","category-ai","tag-ai"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai\/\" rel=\"category tag\">AI<\/a>","tag_info":"AI","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5719","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5719"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5719\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5719"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5719"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5719"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}