A senior federal cybersecurity leader said on Tuesday that the rapid adoption of artificial intelligence (AI) is forcing agencies to rethink how they manage risk within zero trust architectures because machine-speed decision-making strains traditional security controls.
Bill English, chief information officer at the General Services Administration (GSA) Office of Inspector General (OIG), said at the Illumio Public Sector Summit in Reston, Va., that AI is accelerating operational timelines to milliseconds.
“It’s about speed versus control” said English, who also serves as the chief AI officer at the GSA OIG. In traditional security models, humans were often in the loop for key decisions – evaluating threats, requesting authorization, and then taking action. But with AI operating at machine speed, that model no longer holds.
Instead of relying on manual approvals, English said organizations must define “rules of engagement” in advance – determining what systems can do autonomously and when human oversight is required.
“Executives have to look at, what are the things that we can predetermine? What can we set in place so that I don’t have to get woken up at three in the morning?” English said.
The rise of AI agents is also introducing new identity and access management challenges.
Federal agencies will need stronger segmentation and “constant validation” to secure AI-driven activity, said Omar Chaudhry, head of mission infrastructure at nonprofit federal research firm MITRE.
“If things are going to be moving as fast as they are, we need to be able to make sure that we have adequate segmentation, that we don’t have runaway processes,” Chaudhry said.
Still, the panelists cautioned against framing security requirements as barriers to innovation. English compared security controls to braking systems in a Formula One race car – an upfront investment that enables higher performance over time.
“If you were to take all of the safety systems off of that race car, it might actually be able to achieve a faster one lap time. But it’s not about doing one lap. It’s about doing a sustained campaign of races throughout the season,” English explained.
“It may be slower to install a braking system, but it gives the driver the ability to have more confidence,” he added. “So, I see security as really the enabler for innovation and enabling a company or an agency to move forward quickly.”
Gary Barlet, who moderated the conversation and serves as the public sector chief technology officer at cybersecurity firm Illumio, reinforced the need for caution.
“We can’t forget, AI can be fooled too … we shouldn’t put too much faith in these things yet,” Barlet said, adding that fully autonomous systems remain a “scary thought.”