AI-Driven Cyber Attacks: How Frontier Models Are Reshaping State and Local Cybersecurity

The Confidence Collapse

Numbers rarely lie as clearly as these do. In 2022, 48% of state chief information security officers (CISOs) felt confident in their ability to protect public data. By the most recent NASCIO survey, conducted in partnership with Deloitte, that figure had fallen to 22%.

That is not a gradual erosion. That is a structural loss of confidence driven by a specific cause: the emergence of agentic AI systems capable of executing sophisticated cyberattacks with minimal human oversight.

Utah’s Chief Information Officer Alan Fuller put it plainly:

The world is dangerous now, and it’s about to get way more dangerous as these frontier models become more widely available.

His state’s networks are scanned more than a billion times per day by potential intruders. An AI-powered monitoring tool runs continuously — and Fuller still considers it insufficient.

What Changed: From Human Hackers to AI Agent Armies

Traditional cyberattacks required skilled human operators to manually probe for vulnerabilities. That constraint imposed a natural ceiling on the scale and speed of attacks. Frontier AI removes that ceiling entirely.

Agentic AI systems can now analyze target infrastructure, generate exploit code, and process vast datasets of stolen credentials more efficiently than entire teams of experienced human hackers. The attack surface does not just grow — it becomes continuously and automatically probed at a scale no human adversary could sustain.

The clearest illustration came in September 2024, when a suspected Chinese state-sponsored group weaponized Anthropic’s Claude Code tool against tech companies, banks, chemical manufacturers, and government entities. Anthropic described it as the first documented case of a large-scale cyberattack executed without substantial human intervention. The barriers to sophisticated attacks, the company concluded, had dropped substantially.

Zero-day vulnerabilities — previously unknown security gaps that defenders have no patch for — are the most dangerous product of this shift. AI can now deploy virtual agent armies to hunt for these gaps continuously, exponentially increasing the probability of a successful surprise intrusion.

Claude Mythos and the Dual-Use Dilemma

In April 2025, Anthropic made an unusual decision: it withheld its newest model, Claude Mythos, from public release. The reason was not commercial — it was existential. The model was assessed as too dangerous to release broadly due to its cybersecurity implications.

Instead, Anthropic shared Mythos with more than three dozen technology companies to give them a head start on identifying and remediating vulnerabilities before bad actors could exploit the same capabilities. The initiative, named Project Glasswing, is Anthropic’s effort to secure the world’s most critical software. To date, it has identified more than 10,000 serious security gaps across major operating systems and web browsers, and has expanded to include infrastructure operators in more than 15 countries.

This is the dual-use dilemma at its sharpest. The same model powerful enough to find thousands of high-severity vulnerabilities is, by definition, powerful enough to exploit them. The race is not between offense and defense in the abstract — it is between who gets access to frontier capabilities first.

OpenAI has entered the same space, offering a limited preview of GPT-5.5-Cyber to entities responsible for critical infrastructure cybersecurity. The pattern is consistent: frontier labs are selectively deploying their most capable models as defensive instruments, while simultaneously acknowledging that broader availability poses systemic risk.

The Federal Response and Its Limits

The severity of the threat prompted direct executive action. President Donald Trump issued an executive order on AI and security, including a requirement that the Homeland Security Secretary facilitate access to cybersecurity tools and services for state and local governments and critical infrastructure operators such as utilities and hospitals.

The order signals federal recognition that the public sector cannot be left to navigate this transition alone. But executive orders do not resolve budget shortfalls, and the structural funding problem for state cybersecurity remains acute.

Cybersecurity budgets at the state level are largely flat or declining. Federal funding streams are expiring. State leaders have urged Congress to reauthorize the $1 billion State and Local Cybersecurity Grant Program — a figure that, given the scale of the threat, represents a floor rather than a ceiling. As Fuller stated directly:

We are under-resourced, and that’s part of what is causing us fear.

The Public Sector’s Specific Exposure

Enterprise software developers and critical infrastructure operators are the immediate focus of frontier AI defense programs. State and local governments will benefit indirectly from those efforts — but they carry distinct vulnerabilities that require targeted attention.

Public sector systems hold sensitive citizen data, manage critical services, and are often interconnected with local government networks and public higher education institutions. The NASCIO survey found that confidence in protecting state information assets from threats originating within local government and higher education had fallen from 59% in 2022 to just 26% today. Third-party vendor dependencies compound the exposure further.

AI-enabled attacks now rank as a top-three concern for state CISOs, alongside phishing and third-party security breaches. The threat is not hypothetical — it is already shaping operational priorities.

Anthropic has begun engaging directly with the public sector, holding cybersecurity briefings in May 2025 that drew more than 100 top public sector technology officials. The company plans to announce a new cyber defense program specifically tailored to public sector needs, using generally available Claude models for vulnerability identification and remediation.

Defensive Adoption: The 44-State Trajectory

Despite the resource constraints, the public sector is not standing still. CISOs in 23 states reported already using generative AI to strengthen cybersecurity operations, with 21 additional states planning to do so within the next year. That trajectory — 44 states actively deploying or planning to deploy AI-powered defenses — reflects a pragmatic recognition that the only credible response to AI-enabled attacks is AI-enabled defense.

Approximately one-fifth of states are also adopting a whole-of-state cybersecurity approach, providing umbrella support to entities outside direct state government — local municipalities, school districts, and public universities — that would otherwise lack the resources to defend themselves independently.

On the legislative front, California and New York have enacted first-in-the-nation laws requiring frontier AI developers to mitigate the risk of catastrophic harms, including large-scale cybersecurity attacks. Illinois has passed similar legislation awaiting the governor’s signature. These laws represent an emerging regulatory layer that could impose structural accountability on the supply side of the frontier AI market.

The Six-to-Nine Month Window

Fuller’s estimate — that states have roughly six to nine months before adversaries gain meaningful access to frontier models — frames the urgency precisely. This is not a five-year strategic planning horizon. It is an operational countdown.

The arms race dynamic is real and accelerating. Defensive AI tools must be procured, integrated, and operationalized before offensive capabilities reach the hands of nation-state actors and criminal syndicates at scale. Budget cycles, procurement processes, and legislative appropriations were not designed for this tempo.

What This Means for the AI Tools Ecosystem

For anyone tracking the AI tools landscape, the cybersecurity vertical is undergoing a rapid and consequential restructuring. Frontier model capabilities are bifurcating the market: the most powerful models are being withheld from general availability and channeled instead into controlled defensive programs. A new category of AI-native cybersecurity tooling — purpose-built for vulnerability detection, threat analysis, and autonomous remediation — is emerging at speed.

The procurement decisions state and local governments make in the next six to twelve months will define their defensive posture for years. Tools that can integrate with existing public sector infrastructure, operate within constrained budgets, and deliver measurable vulnerability reduction will find a large and urgent market.

Closing Reflection

The confidence collapse among state CISOs is not a failure of competence. It is an accurate reading of a threat environment that has changed faster than institutions were built to respond to. Frontier AI has compressed the timeline between capability emergence and adversarial deployment to a degree that makes conventional planning cycles inadequate.

The arms race Fuller describes is already underway. The question is not whether public sector cybersecurity will be transformed by AI — it already is. The question is whether the defensive side of that transformation receives the resources, tools, and policy support it needs before the next wave of attacks arrives.

Observe the tools entering this space carefully. The ones that matter most right now are not the ones generating the most attention — they are the ones quietly closing the gaps that frontier models are already finding.