Leverage Existing ISACs to Share AI Threat Information

On July 23, 2025, the Trump Administration released “America’s AI Action Plan”, entitled “Winning the Race: America’s Action Plan”. The plan is focused around three pillars designed to help America “win” the AI Race: innovation, infrastructure, and international diplomacy and security.  Although the action plan is relatively short, it is rich in content.  

One aspect of it that caught my attention is the proposal to create an Artificial Intelligence - Information Sharing and Analysis Center (AI-ISAC).  The fact that the plan calls for the creation of an ISAC for AI-driven threats indicates two things.  First, it shows an appreciation for the importance of sharing threat intelligence.  While threat intelligence sharing is not the solution to cybersecurity - it certainly is a core component of the solution.  Without understanding adversaries and sharing threat intelligence about their TTPs and indicators of compromise, we will not be able to defend against them at scale. Second, it shows how successful the ISAC model has become.  The ISAC community has proven its worth and value across the critical infrastructure community at large.  Not too long ago, ISACs were viewed as ineffective.  Now, whenever there is a perceived gap in information sharing, the instinct is to form an ISAC.

So it is with appreciation and respect that I suggest that the government does not need to create a new ISAC to share threat intelligence on AI-based threats.  AI is just one of many tools in an attacker's arsenal. Threat actors use a wide range of tactics – from phishing and social engineering to customized malware and living-off-the-land-techniques – yet we don’t have specific ISACs for each of these attack vectors or methods.  In fact, one of the key roles of an ISAC is to look at the totality of the threat environment to provide actionable, prioritized reporting to their members that enables informed risk management.

The IT-ISAC fully supports and appreciates the government’s desire to share more AI-driven threat intelligence.  We support the goal of sharing as much threat intelligence as possible and would like to engage with the administration to explore how we can better work together. However, if the federal government has specific threat intelligence regarding AI-driven threats, there is nothing that prevents them from sharing this today.  In fact, there are trusted processes already in place for sharing sensitive threat intelligence with ISACs, and more broadly with the critical infrastructure community. Similarly, ISACs have established mechanisms to share related threat intelligence with the government. 

AI threats are just one of many threat categories ISACs are monitoring, analyzing, and discussing with their members. For example, the IT-ISAC frequently shares AI-related threat intelligence with members, as they are a frequent topic of discussion on our Technical Committee and Special Interest Group meetings.  We have dedicated forums for sharing AI-related threats. 

Other ISACs are also monitoring AI-enabled threats, and there is robust threat intelligence sharing across ISACs through the National Council of ISACs (NCI). Each sector has its own nuances, which impact how threats manifest and how they are mitigated. Sector-specific ISACs are well attuned to their members’ needs and can tailor threat intelligence and mitigation practices accordingly.

Finally, it is worth noting the important point within the AI Action Plan that calls on companies to integrate AI as part of their cyber defense strategies.  Yes, AI is being leveraged by adversaries, but it also is proving to be a vital tool for network defenders.  However, deploying AI for defensive purposes must be done thoughtfully.  Companies must make risk-informed decisions on how to allocate resources for maximum effect.  In some instances, AI may reduce the cost of certain security functions, but could increase costs in other areas.  It certainly is appropriate for companies to explore how they can utilize AI to enhance their cybersecurity posture, but companies will make different determinations on how to deploy AI within their unique environments.

The IT-ISAC remains committed to engaging with the government to strengthen threat intelligence sharing across both industry and government.  Active collaboration is already happening on a range of threats supported by trusted and proven methods of information exchange.  Instead of investing time and resources to create a new organization to do what is already being done, it might be more effective for the government to better leverage existing structures to share threat intelligence on AI-driven threats.