Nextgov/FCW - All Content

SBA partners with Perplexity to launch $25M Main Street AI Accelerator

Edward Graham — Mon, 15 Jun 2026 17:20:00 -0400

With the U.S. seeking to maintain its status as the globe’s artificial intelligence superpower, the Trump administration has been looking to support initiatives that can drive innovation and economic growth across the nation’s small businesses.

The national AI legislative framework released by the White House last month included a pillar stating that the development of emerging technologies “should strengthen American communities and small businesses through economic growth and energy dominance.”

The Small Business Administration has also been working to harness AI’s capabilities when it comes to driving innovation and growth across the country, with agency officials seeing the technology as increasingly critical for smaller companies.

During a June 9 Axios event, SBA Administrator Kelly Loeffler said AI “is going to be a powerful engine for fueling growth on Main Street, for fueling job creation.”

“Winning the AI arms race is absolutely vital,” she added. “If China wins, this is going to be really problematic for the entire country, but particularly for Main Street.”

Earlier this month, AI firm Perplexity announced the launch of the Main Street AI Accelerator in collaboration with the SBA to help support small businesses looking to harness the technologies.

The $25 million initiative is offering $250 Perplexity Computer credits to up to 100,000 small businesses that are recipients of SBA’s 7(a)- or 504-backed loans. Computer is the name of the company’s unified system that it said “connects to 400+ tools that growing businesses already run on, including Intuit QuickBooks, Intuit Mailchimp, Shopify, and Stripe.” Perplexity said the $250 credit is a nod to America’s 250th anniversary.

SBA did not respond to multiple requests for comment, although Perplexity said it is the first time an AI firm has launched such a program with the agency.

In an interview with Nextgov/FCW, Perplexity Chief Business Officer Dmitry Shevelenko said the partnership with SBA was “very organic” because the agency was already using Perplexity Enterprise internally.

“When you talk to small business owners, one of the biggest bottlenecks for them is actually they can't hire enough people to grow their business,” Shevelenko said, adding that Perplexity’s Computer AI system and enhanced access to the capabilities is like if a small business “just got 100 digital co-workers.”

Shevelenko said the company is also in the process of investing “in kind of what we call concierge onboarding for these small businesses, where they get hands-on training on how to actually use Computer.”

He added that “if you just give people a little bit of a boost as they're getting started [with their businesses], then we see huge dividends to that.”

]]>

DHS finalizes first Cumulus cloud contract with AWS

Ross Wilkers — Mon, 15 Jun 2026 16:50:00 -0400

The Homeland Security Department has finalized the first out of four awards under Cumulus, a centralized contract for acquiring commercial cloud computing services across the entire organization.

Amazon Web Services’ portion of the contract will have a $2.5 billion ceiling over up to five years, DHS said in a Friday Sam.gov notice.

The department is now working on awards to Oracle, Google Cloud and Microsoft with the goal of finalizing those by the end of the calendar year’s second quarter, or the end of this month.

Each award under Cumulus will cover a one-year base period and up to four individual option years.

DHS created Cumulus to have a mix of competitive and non-competitive awards across all aspects of commercial cloud to include infrastructure-as-a-service, platform-as-a-service and software-as-a-service.

After signing the hyperscalers’ contracts, DHS will create a multiple-award competition to support the Cumulus effort with more details to be released at a later date.

The department sees Cumulus as its means to gain greater visibility into cloud spending and usage across all agencies and components with the goal of achieving more economies of scale and consistency in acquisitions.

]]>

Industry and academia call on administration to free Anthropic’s AI model

Alexandra Kelley — Mon, 15 Jun 2026 16:23:00 -0400

Signatories across industry, academia and expert groups issued a public letter Monday asking the Trump administration to roll back new restrictions imposed on Anthropic’s Fable 5 model.

Featured on a new “Free Fable” website, the letter — signed by representatives from companies like Adobe, NVIDIA and Zoom, along with academics from Johns Hopkins and the University of Maryland, Baltimore College — asks Commerce Secretary Howard Lutnick and National Cyber Director Sean Cairncross to reverse the suspension of Anthropic’s latest model.

The White House’s Friday decision to suspend access to Fable 5, which is a consumer-safe variation of Anthropic’s cybersecurity-focused Mythos model, initially only applied to foreign nationals both within and outside of the U.S. Given the challenges surrounding cutting off access to specific IP addresses for specific users, Anthropic announced it would disable access to Fable 5 for all users.

The decision comes as Anthropic and elements of the U.S. government are still in litigation over the Trump administration designating the company a supply chain risk following a dispute between Anthropic and the Pentagon over barring use of the company’s AI products in autonomous weaponry and surveillance operations.

In the letter released Monday, the signatories protested the government’s export controls, saying that it “has taken the best models away from defenders, created market uncertainty, and risked America’s AI leadership without any real risk to justify it.”

The signatories said the inherent protections built into Fable to prevent its use for cyber offenses and identify the ongoing race to AI dominance with adversarial nations like China were reasons to unleash Fable for use by the cyberdefense community.

“Anthropic has built multiple protections into the Fable model to prevent its use for cyber offensive uses. These protections were so aggressive as to be the source of humor in the cyber community on launch day,” the letter said. “It is essential to provide AI to coders and security teams so they can find and fix flaws in their own newly-written as well as decades of legacy code faster than our adversaries.”

The signatories recommended four approaches that the administration should take on AI policy going forward, starting with public sector regulators collaborating with industry and academia for input and using a democratic rule-making process for new AI policy.

The letter also recommended transparent enforcement with “appropriate time given to remediate” and using the “minimal extent necessary” to ensure the safety of the American public are the.

Other private sector organizations who did not sign the letter have also expressed confusion following the administration’s export controls and are trying to ensure clear communication with the White House.

“Many people are closely monitoring this situation to see whether Anthropic and the White House can overcome their differences, establish a better rapport, and quickly resolve this situation,” an industry source told Nextgov/FCW. “At the same time, there’s some general unease about the use of export controls to gain leverage over the AI companies because of some of the unintended consequences it might initiate.”

TJ Marlin, the CEO of Guardrail Technologies, an AI-powered enterprise security platform that works to detect risks in other AI systems, underscored the need for cyberdefenders to have the best tools to consistently be able to monitor, detect and patch network vulnerabilities.

“The question is not whether a given model's protections can be bypassed,” Marlin told Nextgov/FCW. “The question is who finds the weakness first, the defender or the attacker, and whether the organization is built to keep finding them on a schedule that never ends.”

]]>

NSPM-12: The NSS cyber memo agencies cannot ignore

Hemant Baidwan — Mon, 15 Jun 2026 14:46:00 -0400

Spend enough time in government and reading policy documents becomes second nature. You learn fast where the wiggle room usually lives. The vague timelines. The "consistent with applicable law" language that gives everyone room to slow walk implementation. NSPM-12 has less of that than most.

There are named officials. Hard deadlines. A governance body with actual authority to issue binding directives. That is different than what we usually see. For agencies that have been waiting for someone to force the issue on National Security System cybersecurity, this is that moment.

Here are three things agencies need to understand right now.

The 90-day cloud security policy deadline

The 90-day window to update cloud security policy for National Security Systems is tight. For some agencies it will be manageable. For others it will not. Getting the right technology authorized for use inside a federal agency has historically taken years not months. Not because people weren't working hard. Because the process was not built for the pace this moment requires. Part of it is bureaucratic friction. Part of it is that the compliance frameworks themselves assumed timelines that no longer match the threat environment. The memo creates the urgency. Agencies need partners who can actually help them move in that window.

The inventory requirement

Every agency must now maintain an annual inventory of every National Security System it owns or operates. That sounds simple. It is not.

Ask that question inside most large federal agencies, and the honest answer is some version of "we think we have a handle on it." Shadow IT is real. Systems inherited through reorganizations are real. Legacy infrastructure that predates modern classification frameworks is real. Getting a clean picture of a full agency footprint is hard, even with strong leadership commitment behind it. An accurate inventory is the foundation of every other security decision an agency makes. You cannot defend what you cannot see.

The NSA is now formally designated as National Manager for National Security Systems. They have authority to assess cybersecurity posture across the entire government. Agencies that wait until that assessment arrives to start building their inventory will be in a difficult spot.

The AI and cybersecurity policy convergence

The AI connection is also worth watching. NSPM-12 is not an AI policy memo by itself, but it lands in the same moment as broader White House action on AI, national security, and cyber. That matters because AI will increasingly sit inside, support, or defend National Security Systems. If agencies do not have clean inventories, secure cloud patterns, strong logging, and clear governance, they will struggle to adopt AI securely in mission environments.

For most of the past decade those two tracks ran separately. Cybersecurity policy on one side. AI policy on the other. Sometimes they intersected but they were managed, funded and governed as different problems. What this administration just said is they are the same problem. That is the right call. The threat surface for AI-enabled systems is not the same as traditional IT.

The ways adversaries will probe AI infrastructure are still being figured out by everyone, including the adversaries themselves. Adopting AI fast without a security framework built around AI-specific risks creates technical debt that eventually costs you when it matters most. Treating AI adoption and cyber governance as separate workstreams is no longer an option.

NSPM-12 and NSPM-11 together give agencies a structure to solve both at the same time, under deadline, with the NSA watching. The CNSS has authority to issue binding directives. The National Manager can push emergency guidance directly to agency heads. Performance metrics are coming. This is a governance structure with real accountability behind it.

Hemant Baidwan is the Chief Information Security Officer at Knox Systems, where he leads enterprise cybersecurity strategy and the development of AI-driven, cloud-native security platforms. Previously, he served as the CISO and Acting Deputy Chief Information Officer at the U.S. Department of Homeland Security (DHS), where he was responsible for securing one of the largest and most complex civilian federal environments.

]]>

Anthropic suspends top AI models after U.S. export control order

David DiMolfetta — Sat, 13 Jun 2026 12:44:00 -0400

The Trump administration has ordered Anthropic to restrict foreign national access to two of its most advanced artificial intelligence models, prompting the company to disable the systems for all customers and escalating a fight over how Washington should control frontier AI tools with powerful cybersecurity capabilities.

Anthropic said Friday evening that the U.S. issued an export control directive suspending access to Fable 5 and Mythos 5 by any foreign national, including foreign nationals inside the United States and foreign national employees of the company. Anthropic said the order effectively forces it to abruptly disable both models for all customers while it works to comply, though the directive will not affect access to its other models.

The order marks one of the administration’s most aggressive steps yet to control access to frontier AI models, and significantly increases tensions with Anthropic, which has become a darling in Washington policy circles for its often public commitments to AI safety.

The move appears to stem from concerns about a possible jailbreak of Anthropic’s systems. Axios reported Friday evening that the Commerce Department acted after another company claimed it had jailbroken Mythos, alarming officials about potential national security risks. Anthropic in a blog post pushed back on the government’s rationale, saying the concern involved a narrow potential issue and did not justify pulling access to the models broadly.

“To date, the government has only given us verbal evidence of a potential narrow, non-universal jailbreak, which essentially consists of asking the model to read a specific codebase and fix any software flaws,” Anthropic wrote in a statement on the order. “Our understanding is that one potential jailbreak was shared with the government. We have reviewed a report that we believe is the basis of the government's directive and validated that the level of capability displayed there is widely available from other models (including OpenAI’s GPT-5.5), and is used every day by the defenders who keep systems safe.”

The Trump administration’s order does not make mention of GPT-5.5 Cyber, another advanced vulnerability-focused model currently available to cyber defenders.

The decision came just days after Anthropic released Fable 5 and Mythos 5, the former of which was made available to the public with restrictions on sensitive uses. Mythos 5 was offered through a more limited trusted-access program known as Project Glasswing for cyber defenders and critical infrastructure operators. The company has described Mythos as a highly capable cybersecurity model that could be leveraged for significant cyber intrusions.

That dual-use potential has placed Anthropic at the center of a broader policy fight over how the government should treat advanced AI systems that can help defenders find flaws but could also assist in offensive cyber operations.

The government’s move to set export restrictions on the tools has drawn public support from senior defense technology officials.

Kirsten Davies, the Department of Defense’s chief information officer, wrote on X that the department “fully support[s] @POTUS and @SecWar in prioritizing national security and the security of our warfighters, [Defense Industry Base] partners, critical infrastructure, international partners and allies,” she said, crediting President Donald Trump and Defense Secretary Pete Hegseth.

“Some things are simply more important than revenue cycles, clickbait, and pre-IPO valuation. America First. Always,” she added.

The shutdown would likely complicate any near-term plans to test or deploy Anthropic’s most capable cyber-focused systems, especially for federal agencies and critical infrastructure partners. It also raises unresolved questions about how the government plans to balance trusted access for U.S. agencies and allies with fears that adversaries or unauthorized users could misuse the same systems.

The administration passed a sweeping AI executive order earlier this month, and has been discussing giving its main civilian cyberdefense agency full access to Mythos to aid in federal cyberdefense. Meanwhile, agency tech leaders have been struggling to both access and understand how to implement Mythos, citing lack of transparency from the White House’s cyber office.

Anthropic has had a contentious relationship with the federal government in recent months, after the company refused to allow its products to be used for instances of domestic surveillance or autonomous lethal weaponry. The Pentagon subsequently designated the company as a supply chain risk, and Trump ordered that federal agencies stop all use of its products. A federal judge on March 27 issued a temporary injunction on both actions.

“AI regulation will be some of the most serious and consequential work the U.S. government does over the next generation, and it is imperative that this work be done consistently across industry, without favor, and according to a clear, rules-based process,” said Brad Carson, president of Americans for Responsible Innovation. “Based on what we know thus far, the decision to block Anthropic’s latest AI model fails that test, and as a result, risks America’s edge in AI innovation. While the federal government must have the capacity to evaluate and even block the deployment of advanced AI models in extraordinary situations, the utmost care is required to insulate these decisions from impulse and political favoritism.”

]]>

Push for new Cyber Force service branch narrowly fails in the Senate

Thomas Novelly — Fri, 12 Jun 2026 18:19:00 -0400

An effort to create a new cyber-focused military service under the Army narrowly failed in the Senate, but the lawmaker who proposed it isn’t backing down.

Last month, Defense One exclusively reported that Sen. Kirsten Gillibrand, D-N.Y., was spearheading a markup amendment to the National Defense Authorization Act that would create a Cyber Force. The effort ultimately failed by a vote of 14-13, with four Democrats and 10 Republicans swatting the amendment down. Nine Democrats and four Republicans voted in favor.

“We remain optimistic about Cyber Force and the Senator will continue to push for its creation,” a Gillibrand spokesperson said.

While the Senate Armed Service Committee’s version of the National Defense Authorization Act sidelined the creation of a Cyber Force, it does scrutinize various Pentagon policy changes meant to strengthen U.S. Cyber Command, the current cyber-focused combatant command.

The committee’s version of the NDAA “directs an independent review of whether CYBERCOM is adequately organized and resourced to meet its expanding authorities and responsibilities” and also calls for “an independent study on the roles, responsibilities, authorities, and resourcing of the Principal Cyber Advisors of the military departments.”

The push to establish a Cyber Force under the Army, similar to how the the Space Force and Marine Corps sit under the Air Force and Navy, was in tandem with a new think tank report examining the perceived cost, time, and benefits of setting up a new cyber-focused service branch.

Joshua Stiefel, a former House Armed Services Committee staffer, co-chaired the Center For Strategic and International Studies and the Foundation for Defense of Democracies’ Commission on Cyber Force Generation. The findings, released earlier this month, said the creation of the service “would address longstanding structural challenges and build the Cyber Force the United States needs for this critical domain of warfare.”

Stiefel told reporters earlier this month that the findings were released at a pivotal moment where it seems CYBERCOM has been given a significant amount of authority, but concerns over how the military handles its cyber-focused troops still persist.

“What's interesting is that as someone who was in the legislative process for almost seven years, we tried, I tried, my colleagues tried everything and it seems as if we've reached that breaking point where there isn't any more authority to give to address this problem that doesn't start to begin to chip away or take away from the service chiefs,” Stiefel said. “And that dilemma means we're at this precipice.”

]]>

A key spying power will sunset on Friday — here’s why

David DiMolfetta — Fri, 12 Jun 2026 16:42:00 -0400

A powerful surveillance program — Section 702 of the Foreign Intelligence Surveillance Act — is set to statutorily lapse Friday for the first time in its history, capping months of failed negotiations over privacy and who should lead the nation’s spy agencies.

What is Section 702?

Section 702 lets U.S. intelligence agencies gather communications of foreigners located abroad without a warrant. It’s made possible because much of the world’s digital traffic flows through U.S.-based companies and internet infrastructure.

The law, enacted in 2008, codified parts of the once-secret Stellarwind surveillance program created under the Bush administration after the Sept. 11, 2001, terrorist attacks. In 2013, former NSA contractor Edward Snowden disclosed documents detailing how the authority was used, fueling a global debate over privacy and mass surveillance.

The authority is widely viewed by intelligence officials as one of the government’s most vital national security tools, used for counterterrorism, cyber defense and tracking nuclear weapons threats, among other things. But it has also drawn scrutiny from privacy advocates and lawmakers in both parties because Americans’ communications can be incidentally collected under the program and later searched by agencies, including the FBI.

Privacy and civil liberties groups have long pushed for proposals requiring a warrant before intelligence analysts can query 702 data for information about U.S. persons. Such measures don’t break neatly along party lines. Republicans and Democrats have argued that Congress should not simply approve another extension, despite wishes to do so from the Trump administration.

In 2024, under then-President Joe Biden, lawmakers reauthorized the program for two years with a number of reforms, though those didn’t include a warrant requirement.

On the other side of the debate, national security officials and other lawmakers in both parties contend that adding a warrant measure would slow or weaken intelligence work at a time of heightened threats from China, Iran and others.

March: Key court approves 702 activities

The Foreign Intelligence Surveillance Court approved the government’s annual certifications for Section 702 a few months ago, allowing collection under the authority to continue into 2027 even if Congress failed to act before the statutory deadline. The certifications cover broad categories of national security risks. For instance, one may cover foreign hackers targeting U.S. critical infrastructure.

That court approval means a lapse in the statute doesn’t cause the intelligence community’s existing 702 collection to immediately cease. But the lack of a congressional renewal can create legal uncertainty for technology providers compelled to assist the government in collection.

Unlike more clandestine intelligence tools used by agencies like the NSA to collect data on foreign adversaries, Section 702 relies on a legal mechanism requiring U.S. companies such as AT&T and Microsoft to turn over communications like emails and text messages that are tied to qualifying targets.

April: Congress approves a 45-day extension

As an April 30 deadline to renew the authority approached, Congress still had not settled the debate and agreed to buy itself more time. Lawmakers passed a 45-day extension after senators secured a deal requiring the declassification of a secret Foreign Intelligence Surveillance Court opinion within 15 days that privacy groups argue would help better inform discussions on the future of the program.

The vote punted the authority’s expiration to June 12. The status of that declassification is still unclear.

Over the last few months, the FISA fight has been shaped by rising unease over privacy and government power, with Democrats and advocacy groups questioning how Americans’ communications are handled and processed once collected. Those concerns have been folded into broader debates over immigration enforcement, the intelligence community’s use of commercially available data and the potential for artificial intelligence tools to expand the government’s ability to analyze sensitive personal information.

June: Intelligence leadership fight further complicates renewal

The debate grew more complicated after President Donald Trump moved to install Bill Pulte, the Federal Housing Finance Agency director, as acting director of national intelligence.

The decision soon injected a fight over intelligence leadership into the 702 talks. Democrats and some Republicans raised concerns about placing Pulte — a Trump ally with limited intelligence experience who has used his post atop the Federal Housing Finance Agency to scrutinize the president’s political foes — in charge of the intelligence community while Congress was being asked to extend one of its most powerful surveillance authorities.

The backlash helped sink another short-term extension this week. On Thursday, Trump said he would nominate Jay Clayton, the U.S. attorney for the Southern District of New York and former Securities and Exchange Commission chairman, to serve as director of national intelligence on a permanent basis.

The move appeared aimed, at least in part, at easing concerns over Pulte, but it did not immediately solve the 702 problem. Clayton still needs Senate confirmation, and Pulte’s interim role still remains part of the dispute as the deadline approaches.

What happens when 702 sunsets?

A lapse would be historically significant because Section 702 has never before been allowed to statutorily expire. Because the FISA court approved the government’s certifications earlier this year, existing collection activity may continue for now.

A more immediate concern involves whether agencies can add new foreign targets under already-approved court certifications, and whether companies will keep up with regulations without congressional renewal. If a company stopped complying with a 702 directive, the government could ask the FISA court to force compliance. Typically, the court has up to 30 days to rule.

Civil liberties advocates contend that collection can meaningfully continue even after a statutory lapse because of the way annual certifications are approved, and that other authorities remain available to support national security operations.

With the the House of Representatives scheduled to recess until June 23, lawmakers would not be able to approve any extension for at least a week. It’s possible Trump may sign an executive order to extend the FISA deadline, though whether he has the authority to do so remains unclear.

]]>

Anti-fraud overhaul clears House despite Democratic concerns over privacy and IG independence

Sean Michael Newhouse — Fri, 12 Jun 2026 16:24:00 -0400

As the Trump administration prioritizes combating fraud in federal programs, the House this week passed almost a dozen bills, several of which are bipartisan, intended to strengthen agencies’ ability to detect and stop fraudulent payments.

The Fraud Prevention and Accountability Act (H.R. 8312) would establish an inspector general office within the Treasury Department dedicated solely to countering grift in programs that provide funding to non-federal entities.

This new IG for Fraud, Accountability and Recovery would subsume the Pandemic Response Accountability Committee, a panel of IGs that was created in 2020 to oversee COVID-19 spending. Congress expanded the jurisdiction of the interagency entity, however, to include programs funded by the 2025 One Big Beautiful Bill Act.

The measure also would authorize the Treasury to share, on a voluntary basis, data tools with state and local governments that administer federal funds in order to prevent improper payments, such as by screening potential awardees against a centralized fraud database.

House Oversight and Government Reform Committee Chairman James Comer, R-Ky., characterized the measure as “the culmination of years of work to understand how agencies can improve their operations to protect hard-earned taxpayer money from fraudsters.”

“This legislation ensures there’s a permanent governmentwide anti-fraud analytics function to assist agency inspectors general with their fraud work,” he said during floor debate on Wednesday.

Most House Democrats opposed the bill, in particular because of the transfer of the PRAC to the new IG office. The committee is currently housed under the Council of the Inspectors General on Integrity and Efficiency, a central group for the agency watchdogs that the Trump administration blocked from receiving funding for more than a month last year.

The president also has fired nearly 20 IGs and has replaced many of them with individuals who worked in his first or second administration.

“Taking the PRAC out of CIGIE and moving it to a third new Treasury IG is another attempt to weaken the case for funding CIGIE and to further dismantle what remains of a community already very severely weakened by the Trump administration,” said Rep. James Walkinshaw, D-Va., during floor debate on Wednesday.

Walkinshaw also referenced objections to the bill from nonprofits like the Center for Democracy and Technology, which argued that the data sharing provisions would result in the collection of “significantly greater amounts of sensitive information from agencies across the federal government, functionally creating a master database on all Americans.”

The House passed the measure in a 240-181 vote with the support of 28 Democrats.

Lawmakers also passed, without any recorded opposition, bills that would increase, from $10,000 to $20,000, the minimum monetary reward for federal employees whose disclosure of fraud, waste or mismanagement leads to cost savings (H.R. 428) and require certain government workers to receive training on preventing fraudulent and improper payments (H.R. 8428).

]]>

Tech bills of the week: Standardizing DHS communications; Nuclear power for space exploration; and more

Alexandra Kelley — Fri, 12 Jun 2026 15:49:00 -0400

DHS public communications

Rep. Shri Thanedar, D-Mich., announced the introduction of legislation on Tuesday that would require the Department of Homeland Security to develop an agencywide policy for public-facing communications, in addition to providing social media training for employees.

The Department of Homeland Security Communications, Accuracy, Neutrality, Disclosure, Oversight and Review — or DHS CANDOR — Act seeks to avoid the spread of factual inaccuracies from DHS official communication channels. The DHS secretary would be tasked with crafting departmentwide policy, and subagency leadership would also add components specific to their offices that complement the overarching guidance. Those officials would then submit their updates to the Office of Public Affairs and the Office of the General Counsel for review.

The social media policies also look to address both personal profiles and official agency profiles. DHS employees would receive annual training on what is and is not appropriate to post on their personal accounts, and account managers would be given responsibility for official agency accounts.

Thanedar said in a press release that his measure was introduced in response to DHS “constantly posting inflammatory rhetoric.”

“My bill brings commonsense changes to how DHS operates its social media, to include personal and official accounts, by requiring mandatory media trainings and oversight by the DHS Office of Inspector General (OIG),” he added. “It is time that Congress brings an end to this unacceptable behavior.”

Nuclear-powered space exploration

A House proposal rolled out Tuesday looks to leverage nuclear power and propulsion technologies to further galvanize U.S. space exploration, including by establishing a new framework to develop technologies specific to the U.S. Moon-to-Mars missions.

The Powering the Future of American Space Dominance Act, sponsored by Rep. Mike Kennedy, R-Utah, aims to develop a blueprint for establishing a partnership between NASA and private sector partners to support the creation of advanced lunar power systems, nuclear reactors and other infrastructure needed to sustain long-term space expeditions.

To take this technology into deep space, we need a sustained national commitment and seamless coordination between government and industry,” Kennedy said in a press release. “I fully support NASA’s missions and I believe Utah is ready to lead the nation in both the power and the propulsion that the future of space exploration demands.”

Understanding data centers’ environmental impact

A bicameral bill seeks to require data centers handling AI workloads to report their environmental and energy demand-related impacts to the Environmental Protection Agency.

The AI Environmental Impacts Act, was reintroduced on Wednesday by Sen. Ed Markey, D-Mass., and Rep. Don Beyer, D-Va. The proposal looks to institute reporting requirements for data center owners and operators and would impose a fine if they do not comply.

In addition to mandatory reporting, the bill would direct the National Institute of Standards and Technology to convene a consortium of experts to craft environmental impact measurement standards. This group would include representatives from Native American tribes, local government, academia, industry and more.

The EPA would also be tasked with compiling and publishing a comprehensive study on data center environmental impacts.

“As artificial intelligence advances at an extraordinary pace, and as the data centers and energy infrastructure that power it continue to expand, we have a responsibility to fully understand its environmental impacts,” Beyer said in a press release. “Our legislation would ensure that we have better data, coordination, and transparency to identify risks and develop solutions that ensure AI development does not compromise our environment and serves the American people as it brings us into a new age of technology.”

Safeguarding AI use in defense operations…

Sens. Chris Coons, D-Del., and Jack Reed, D-R.I., teamed up to reintroduce the Responsible Artificial Intelligence Defense Act, a bill that looks to install guardrails on use cases of AI in defense capacities.

In a Monday press release, the lawmakers say the measure requires AI-enabled autonomous systems to be deployed in “a way that ensures human operators are able to control, monitor, detect unintended behavior, and manually disengage or deactivate any deployed AI-enabled system, if necessary.”

Two examples cited in the release include any AI uses in nuclear decisionmaking and within mass domestic surveillance operations. The latter example harkens to the dispute between AI developer Anthropic and the Department of Defense earlier this year, in which the company sought to prevent its AI systems from being used in agency workflows involving autonomous weaponry and domestic surveillance.

Simultaneously, the bill also looks to maximize uses of AI in the Pentagon’s workflows. In addition to human oversight, the bill aims to mitigate AI risks by requiring impact assessments for high-risk AI capabilities to protect civil liberties, as well as for DOD to conduct rigorous testing prior to deploying AI-enabled weaponry into field operations.

“The Department of Defense can use frontier AI models for rapid innovation to ensure that the United States maintains its military supremacy and edge in artificial intelligence without running roughshod over safety concerns,” Coons said. “Threatening our cutting-edge companies with legal and economic punishment when they balk at demands to perform illegal acts is not just un-American – it will stifle innovation, dissuade industry from collaborating with government, and allow China and our adversaries to build insurmountable leads in the field of AI.”

…again

Sen. Adam Schiff, D-Calif., also unveiled legislation on Monday to apply more oversight to the Pentagon’s use of AI. Schiff’s bill, the Human Authority in Lethal Operations — or HALO — Act, expands existing DOD safety and ethical requirements while also implementing additional policies.

These bill’s measures include mandating a chain of command featuring a single designated commander who maintains discretion over the use of force with autonomous and semi-autonomous weaponry, ensuring a comprehensive review structure before the development and fielding of a lethal autonomous and semi-autonomous weapon system and prohibiting the use of AI in surveillance contexts “based solely on their exercise of constitutional rights.”

Similar to Reed and Coons’s bill, the HALO Act would also prohibit the use of unsupervised AI from being involved in the deployment of nuclear weapons.

“The past few months have shown us that there is an urgent need for commonsense guardrails to ensure the Defense Department’s use of AI is in line with Americans’ national security and privacy priorities,” said Schiff in a press release. “There are good reasons to use AI technology to advance our national security, however – just as with any tool, we cannot depend on technology alone to guide us, particularly when the risks of harm can be fatal.

Understanding AI and the US workforce

Sens. Todd Young, R-Ind., Mark Kelly, D-Ariz., and Jim Banks, R-Ind., introduced the Artificial Intelligence Data Authorization and Transparency Act on Wednesday to get more detailed information on how and if AI is impacting the U.S. workforce.

Each of the lawmakers has expressed their desire for the government to provide more public insights into how AI is impacting the labor market, including joining a March letter to the Labor Department, Bureau of Labor Statistics and Census Bureau asking for the agencies to expand data collection related to this topic.

The senators’ bill looks to codify federal labor market data surveys focused on AI’s economic impact.

“American workers and businesses are facing a rapidly changing economy,” Kelly said in a press release. “They deserve reliable and up-to-date data to understand how AI is affecting them, their jobs, and their families. To get it right, we need the facts and in this case, that’s the latest numbers.”

The lawmakers’ proposal would modernize existing Bureau of Labor Statistics labor market surveys to account for specific indicators that offer insight into AI-related market changes. Existing surveys like the Job Openings and Labor Turnover Survey, the American Time Use Survey and the National Longitudinal Surveys would be required to include AI-focused data in their collection processes.

The Census Bureau would have to include questions about AI adoption and workforce impacts into its Business Trends and Outlook Survey on a quarterly basis for the next decade. Both the departments of Labor and Commerce would be tasked with publishing an annual report documenting the impact of AI on the workforce.

Combating nefarious drones

Sen. John Cornyn, R-Texas, introduced legislation on Thursday that looks to invest in counter-drone technologies.

The bill would grant the U.S. Army the ability to establish new standards for technologies to counter threats posed by drones. These standards would be designed to help warfighters better detect, track and defeat small drones sent from adversaries, improve interoperability between ground forces across Brigade Combat Teams and provide clarity for companies that develop counter-drone technologies so they can meet military requirements.

“By empowering the Secretary of the Army to establish clear interoperability standards and guidelines for companies developing innovative defense technology to counter Unmanned Aircraft Systems, this legislation would ensure our warfighters are equipped to meet the demands of a modern battlefield and able to protect Americans and American interests at home and abroad,” Cornyn said.

]]>

VA’s AI chatbots not designated high-impact, despite clinical use, watchdog says

Edward Graham — Fri, 12 Jun 2026 13:44:00 -0400

The Department of Veterans Affairs failed to classify its generative artificial intelligence chatbots as high-impact use cases, despite clinicians using the tools for patient documentation purposes, according to a Thursday report from the agency’s Office of Inspector General.

VA currently allows its employees to use two Gen AI chatbots: VA GPT and Microsoft 365 Copilot Chat. While the watchdog noted that agency staff “demonstrated broad engagement with the use of AI chat tools,” it added that they “are not designed specifically for clinical use” and that VA “does not centrally curate or evaluate prompts, nor their generative output that could be applied to clinical decision-making.”

OIG said this lack of appropriate oversight or safeguards is “creating risks for patient safety and limiting the ability to monitor AI chat tool-related errors.”

The report noted that VA listed its ambient AI scribe tool — which assists clinicians by listening to and recording patient visits, then transcribing clinical notes — as a high-impact use case, which included outlining safety requirements “such as ensuring pre-deployment testing of the AI tool and providing human oversight before use.”

The watchdog said this tool has “functionality similar to clinical documentation prompts,” which were not classified at the same impact level. Because the chatbots are not subjected to the same scrutiny as high-impact AI uses, the report found that “there is no AI‑specific reporting mechanism or labeling process to retrospectively identify AI‑generated documentation.”

The report noted that VA’s chief AI officer operates an AI-focused Microsoft Teams channel, which had 10,997 active users during the 90-day period that OIG conducted its review of the platform. On this channel, OIG said it "identified 135 prompts, 79 of which were clinical,” that were voluntarily shared by users. Prompts are the instructions entered into a chatbot to fulfill a certain request.

The watchdog noted that “studies of generative AI use for the medical domain have found prompt techniques can play a critical role in output errors that could influence patient diagnosis and management.”

OIG made three recommendations to VA, which focused on “addressing use and oversight of generative AI chat tools, evaluating AI chat tools as high impact and requiring safeguards, and integrating monitoring of AI-related risks into existing patient safety programs.” VA said it concurred in principle with an oversight review of the agency’s chatbots, and concurred with the other two recommendations.

Thursday’s IG report is the follow-up to a preliminary result advisory memorandum the watchdog released in January, which said at the time that it was concerned about the agency’s ability to “promote and safeguard patient safety without a standardized process for managing AI-related risks.”

Following that memo’s release, a VA official told Nextgov/FCW that "clinicians only use AI as a support tool, and decisions about patient care are always made by the appropriate VA staff."

VA writ large has increasingly moved to adopt new AI capabilities for internal and external uses. VA’s 2025 AI use case inventory, which was publicly released in late January, listed 367 examples where the agency had adopted or explored the capabilities — a significant increase over the 227 it reported in 2024.

Of its latest total of AI use cases, VA determined that 215 were high-impact and that the other 152 were not high-impact. The inventory also included a classification for uses that were “presumed high-impact but determined not high-impact,” although it did not place any of its AI examples in that category.

While OIG’s report only reviewed the two chatbots being used in clinical settings, VA has also explored uses of some of these AI tools to specifically augment veteran healthcare. This includes continued exploration and adoption of tools to help identity and support veterans at high-risk of suicide.

In previous Nextgov/FCW reporting of how VA is leveraging AI to identity veterans experiencing suicidal ideation, agency officials stressed that uses of these tools are only meant to support the work of clinicians or to enhance crisis line training. Researchers and veterans advocates all agreed that is the only way that AI should be used to assist retired servicemembers experiencing a mental health crisis.

]]>

CISA sees leadership shakeup after infrastructure security chief moves to ONCD

David DiMolfetta — Fri, 12 Jun 2026 12:18:00 -0400

Steve Casapulla, an infrastructure security executive in the Cybersecurity and Infrastructure Security Agency, is being detailed as the assistant national cyber director for policy in the White House’s cyber office, prompting a slew of leadership shifts inside CISA, sources tell Nextgov/FCW.

With Casapulla pivoting to the Office of the National Cyber Director, Scott Breor — an associate director for the agency’s security programs — will take up his post leading the Infrastructure Security Division, according to one current U.S. official, one former U.S. official and a third person familiar with the matter.

Sean Haglund, an associate director in CISA’s Office of Bombing Prevention, will serve as ISD’s acting deputy director, added the sources, who requested anonymity to communicate their knowledge of the new positions.

Chip Abernathy, who has served in the agency’s Office of the Chief of Staff, is moving to the National Risk Management Center to serve as an acting assistant director, while leadership for CISA’s Strategy, Policy and Plans office will be announced in the coming days, the people familiar also said.

Casapulla’s pivot comes shortly after Thomas Lind left his post heading policy at ONCD. The move was first reported by Politico. Alexandra Seymour also recently left her role as a deputy policy official in ONCD, Nextgov/FCW first reported.

A CISA spokesperson said the agency "does not comment on ongoing personnel matters.” ONCD did not immediately respond to a request for comment.

Significant morale decline at ONCD — attributed in part to misgivings from government and industry over the office’s handling of cyber-AI issues under director Sean Cairncross — has plagued the White House office, with some staff weighing departures, multiple people have described to Nextgov/FCW in recent weeks.

CISA, meanwhile, is working to hire a few hundred staff in the coming months, acting Director Nick Andersen said this week. CISA has lost a significant share of its workforce over the past year as the Trump administration has moved to reduce the size of and restructure the agency through a mix of layoffs, buyouts, early retirements and program cuts.

Andersen told a largely private sector audience on Tuesday that CISA is poised for renewed growth and “significant investments,” citing Homeland Security Secretary Markwayne Mullin’s recent testimony that the agency needs to hire about 600 more employees. CISA has already begun work on an initial plan to fill 329 “mission-critical” roles, with about 180 tentative job offers expected by the end of June, he said.

]]>

House vote puts Section 702 on brink of historic lapse amid fight over acting spy chief

David DiMolfetta — Thu, 11 Jun 2026 17:16:00 -0400

The House failed to approve an extension of a powerful foreign spying authority on Thursday, putting it on course to statutorily lapse for the first time in its history, even as President Donald Trump has named his choice for a permanent spy chief in an apparent bid to defuse a fight over the intelligence community’s leadership.

Hours after the 218-198 vote on Section 702 of the Foreign Intelligence Surveillance Act — which was fraught with bipartisan objections to Bill Pulte’s appointment to serve as acting director of national intelligence — President Donald Trump said he would name Jay Clayton, the U.S. attorney for the Southern District of New York and former chairman of the Securities and Exchange Commission, to serve in the role permanently.

Section 702 lets agencies like the NSA and FBI collect communications of foreigners abroad without a warrant, but the calls, texts and phone calls of Americans communicating with foreign targets can also be gathered, a caveat that has long raised constitutional concerns with privacy advocates.

“Few people anywhere in the Legal Community are respected at the level of Jay,” Trump said in a Truth Social post Thursday. “I encourage the United States Senate to confirm Jay as soon as possible.”

An impasse between the White House and Democrats has persisted, with Democrats warning that Pulte’s role in mortgage fraud reviews last year could foreshadow an abuse of intelligence tools to target the president’s political opponents. Speaking to reporters in the Oval Office, Trump praised Clayton, and said Pulte would only be in his post “for a short while.”

It’s unclear how the appointment of Clayton, who appears to not have prior national intelligence experience, would affect the outcome of a 702 extension. After Thursday, the House is scheduled to recess until June 23, making it likely that the spying power would statutorily lapse for the first time in its existence for at least a week.

In a statement, Sen. Mark Warner, D-Va., the vice chairman of the Senate Intelligence Committee, said that he has “known and respected Jay Clayton for many years” and believes “he is a capable public servant.”

But he said the timing of the announcement is suspicious, noting that “the president could have put forward a qualified nominee from the beginning. Instead, he waited until the House of Representatives went out of town, choosing a path that raises the risk of an entirely avoidable lapse in a critical national security tool.”

Warner added that there needs to be a guarantee that Pulte will not serve as acting DNI in order for the Senate to take up a FISA extension.

“Either Director [Tulsi] Gabbard must remain in place or the administration must designate the Senate-confirmed Principal Deputy DNI as the acting head through any transition,” he said, referring to Aaron Lukaas, a number two official in that office.

“I have known Jay Clayton for decades and worked with him during his time as Chairman of the Securities Exchange Commission,” Rep. Jim Himes, D-Conn., the top Democrat on the House Intelligence Committee, said in a statement.

“During that time, he had the independence of mind and respect for the law that are necessary for any Director of National Intelligence,” added Himes. “I am hopeful that he will maintain that independence and provide apolitical high-quality intelligence to policymakers. The Senate should evaluate and confirm his nomination quickly. It is critical that we have a permanent DNI in place and move past the Bill Pulte disaster.”

Section 702 of FISA, enacted in 2008, codified parts of the once-secret Stellarwind surveillance program created under the Bush administration after the Sept. 11, 2001, attacks. In 2013, former NSA contractor Edward Snowden disclosed documents detailing how the authority was used, fueling a global debate over privacy and mass surveillance. The program is frequently used to track myriad national security threats.

In March, the Trump administration notified Congress that the Foreign Intelligence Surveillance Court renewed certifications for the surveillance program, letting it operate for another year even amid an expiration. The certifications can cover broad categories of national security risks, such as nuclear weapons and cyber threats.

But the split between the court’s recertification process and Capitol Hill’s role in extending the authority itself can create uncertainty for providers — such as AT&T and Microsoft — who are required to comply.

A congressional aide, speaking on the condition of anonymity to communicate private discussions, said staff on the House intelligence committee are assessing how the spying authority can still be used in the event of a lapse. One concern, said the aide, is that data collected under the 702 authority could become increasingly out-of-date, and, therefore, be less effective.

Civil liberties advocates contend that Section 702 collection can continue even after a statutory lapse because of the way annual certifications are approved, and that other authorities remain available to support national security operations.

A former intelligence official told Nextgov/FCW that, while collection activities would immediately, lawfully continue, firms may enter an “odd legal space” where providers mandated to comply with the law could argue that they don’t need to supply information. If access under 702 is curtailed, the intelligence community would likely explore ways to lean on other lawful collection authorities, the former official added.

Glenn Gerstell, former general counsel at the NSA, echoed these points.

“Companies may say they are not 100% certain the authority still applies,” he said in an interview.

Two areas — terror attacks and cyberattacks — might present a higher risk with the authority having lapsed, Gerstell added, because they are fast-moving developments that often rely on single tips that intelligence analysts must run down.

“702 is a great way to find and pursue that tip. It’s a great tool for quickly getting an answer,” he said. “If the FBI hears a ransomware attack has been made, and they believe it to be foreign-generated, they’re going to want to move with lightning speed to figure out where it’s coming from.”

“It feels like we’re playing Russian roulette with national security,” he later added.

The NSA, CIA, FBI and the Office of the Director of National Intelligence — which all have authority to access Section 702 data — did not return requests for comment.

]]>

GSA’s AI adoption is driving significant time savings, officials say

Edward Graham — Thu, 11 Jun 2026 16:05:00 -0400

Artificial intelligence adoption is helping the General Services Administration’s employees shave hundreds of thousands of hours off their workloads, agency officials say, adding that it’s just the start of how the emerging capabilities can promote more effective citizen services.

Speaking at the Government Service Delivery conference in Washington, D.C., on Thursday, GSA Deputy Administrator Michael Lynch said the agency’s internal AI use has rapidly grown over the past year-and-a-half. Since being sworn back into office in January 2025, President Donald Trump has issued several executive orders and directives focused on expanding AI use at the federal level and across the broader U.S. tech industry.

GSA published an Elimination, Optimization and Automation playbook earlier this month that outlined how federal agencies can leverage new tools and technologies to address time-consuming activities across their workforces. This guidance, while new, is already a key part of GSA’s internal push to automate and save its personnel one million hours of time currently devoted to rote tasks.

At the beginning of Trump 2.0, Lynch said only around 15% of the agency’s workforce used AI on a regular basis. Now, he reported that roughly 70% of GSA employees are consistent users of the tools, which he said equates to “about 400,000 hours of just automation we've been able to unlock with technology.”

Lynch said the agency has also documented another 500,000 hours of time savings “that come from employees stepping up and raising their hands and saying, ‘Actually, this doesn't make any sense. We can either eliminate it or we'll have to optimize this.’”

These additional workload savings, he added, came from showing employees the benefits of AI and automation as force-multipliers for their work, rather than stoking fears that technology will ultimately make their roles obsolete.

GSA has also drastically expanded successful internal AI programs, such as its GSAi chatbot tool. Lynch noted that GSA “scaled up” that tool into USAi, a no-cost program it launched last year to serve as a testing ground and evaluation suite for agencies to try out AI tools. The platform’s launch supported tenets of Trump’s AI Action Plan, which was issued last July to accelerate agencies’ adoption of the emerging capabilities.

“We host, currently, over 25 different agencies in the federal government within that program,” Lynch said about USAi. “We are onboarding another 16 between now and the end of the year. We'll all have that safe, secure sandbox to be able to hopefully take … those pilots to scale.”

Other services, such as GSA’s OneGov initiative, have helped agencies acquire AI tools and other technologies at discounted rates by treating the federal government as one customer. Since OneGov launched in April 2025, GSA has reached agreements with twenty leading tech firms — including Microsoft, Amazon and OpenAI — to offer significant savings on some of their products and software.

An agency official said last month that over 120 orders “have been placed against OneGov’s AI offerings,” which has made the related services available to almost 3.4 million users across government. That is on top of the $1.15 billion in cost savings that GSA previously said it identified since the program’s launch.

GSA Chief Innovation Officer David Shive, who also spoke at Thursday’s conference, said greater AI adoption is already helping the federal government enhance services for the American public.

“AI is really about people, about people living their lives better,” he said, adding that the tools are being deployed by the agency to make federal services more effective and personalized.

Shive noted that GSA oversees Login.gov, the government’s centralized identity proofing platform that gives U.S. users the opportunity to create a single, secured account to access government websites. While he said “the [identity proofing] mechanics have worked really well in this space for a long time,” he added that “we've turned on AI to increase the quality” of the authentication process.

“Yes, it continues to happen super fast, but the percentage of effective proofing rates have gone way up,” Shive said. “This generates trust from those citizens that are entering into citizen services with their government. The value of that is just massive.”

Shive said he believes greater AI adoption will also help GSA rapidly drive advancements for the American public over the next year, allowing the government to provide its workforce with the resources they need to deliver services at scale across the U.S.

“Right now, I say we’re 50% of the way there. And by this time next year, I suspect we'll be 90% of the way there,” he added.

]]>

White House discussions are weighing giving CISA Mythos access

Alexandra Kelley — Thu, 11 Jun 2026 12:19:00 -0400

Recent discussions among top federal officials have floated designating the Cybersecurity and Infrastructure Security Agency as the nexus to coordinate vulnerability scans across federal agencies with Antropic’s high-powered AI model Mythos.

Three sources with knowledge of the discussions, one a White House official, told Nextgov/FCW that the idea is for CISA to scan federal agencies’ digital networks for public-facing vulnerabilities and other security flaws using Mythos.

The discussions have occurred over the past few weeks, with the White House official telling Nextgov/FCW that, while CISA doesn’t yet use Mythos, agency access to the model is “imminent.”

The launch of Mythos has rattled the cybersecurity landscape in both public and private sectors. Along with unveiling Mythos in early April, Anthropic announced Project Glasswing, an initiative that granted a cohort of private sector tech companies access to a beta version of the AI model to test in a more secure environment. Project Glasswing has since expanded, with Anthropic announcing the addition of new partners last week.

As the private sector sees more access to Mythos, federal agencies’ tech leaders have received little guidance on the model. Agency chief information officers have grown frustrated by the lack of communication on Mythos from the Office of the National Cyber Director, and are reaching out to industry partners for more insight into Mythos’s capabilities, several sources recently told Nextgov/FCW.

The AI executive order signed by President Donald Trump last week addresses agency access to advanced frontier models and calls for the creation of a binding operational directive that would issue new policies for securing government digital networks. CISA released the directive on Wednesday and the cyber agency will also participate in creating a clearinghouse specifically for AI cybersecurity vulnerabilities.

CISA Acting Director Nick Anderson said during the Business Software Alliance’s Transform event on Wednesday that while AI is set to be an effective tool in safeguarding digital assets, leveraging AI will involve “a training curve.”

“Nothing's a magic wand when it comes to vulnerability remediation, when it comes to addressing your technical debt and your infrastructure responsibilities,” Anderson told reporters Wednesday. “There's just some good … things that organizations still need to focus on where AI is going to be able to help them, but it's not going to solve all their problems.”

]]>

Trump’s return-to-work mandate for feds helped drive MetTel’s GSA upgrades

Edward Graham — Wed, 10 Jun 2026 17:24:00 -0400

Telecommunications services provider MetTel announced on Wednesday that it successfully completed network upgrades to 11 General Services Administration offices across the U.S. to help meet the needs of the Trump administration’s return to work mandate.

President Donald Trump signed a January 2025 executive order requiring that federal agencies “take all necessary steps to terminate remote work arrangements,” the vast majority of which evolved out of the COVID-19 pandemic that began in 2020. But an influx of employees back into offices also means that existing bandwidth and broadband services often need to be modernized.

MetTel said it outfitted the GSA offices “with Software-Defined Wide Area Network technology, 22 new high-capacity network circuits and Voice over IP services,” with the circuits being “tailored to the unique needs of each site.”

The work was conducted through GSA’s $50 billion governmentwide Enterprise Infrastructure Solutions contract to modernize its existing operations. MetTel received a $230 million task order under EIS in 2020 for network and voice infrastructure services.

A GSA spokesperson said in a statement to Nextgov/FCW that, “as the government’s needs continue to evolve, EIS contractors remain a dedicated partner, ready to respond to new requirements and support digital transformation efforts.”

MetTel has already taken steps to help modernize GSA’s operations, including announcing in November 2025 that it deployed “a nationwide network and voice infrastructure modernization” across the agency under the EIS contract.

In an interview with Nextgov/FCW, Don Parente — MetTel’s vice president of public sector — said that, “because we moved them to a software-defined architecture, it made it easier for us to very quickly spin up the dial and get additional bandwidth flowing for them.”

Parente said GSA’s previous SD-WAN adoption and embrace of faster broadband internet services, including Starlink, enabled it “to really pivot quickly when they needed to bring all these people back in the new office.”

]]>

Oracle wins $396M federal HR systems overhaul contract

Nick Wakeman — Wed, 10 Jun 2026 15:35:00 -0400

The Office of Personnel Management is sticking with the incumbent as the agency moves forward with a plan to modernize human resource systems across the government.

OPM has picked Oracle for the 10-year, $395.8 million Federal HR 2.0 contract that will cover more than two million federal employees. Oracle faced challengers such as Workday, IBM, SAP and Economic Systems Inc.

IBM and Economic Systems filed protests earlier this year objecting to terms in the solicitation. IBM withdrew its protest and GAO denied Economic Systems’ protest on June 1. Once the protests were resolved, OPM was clear to make its award.

Much of what OPM uses to manage HR functions is run on PeopleSoft, which Oracle acquired in 2005. Oracle recently extended its support for PeopleSoft through 2037, which includes updates and fixes.

The contract is structured as a firm-fixed-price award with a 10-year ordering period. Requirements include core HR and personnel action processing, payroll and benefits integration, audit-ready reporting, and time and attendance tracking.

The system also has to comply with security standards such as FISMA and FedRAMP, as well as be interoperable with existing federal IT systems.

OPM wants the core implementation to be completed by the fall. Other phases will follow for agency transitions, and then licensing and sustainment.

More than 100 HR systems currently operate across the federal government. Federal HR 2.0 is OPM’s attempt to wrangle all that into a single, integrated platform.

The goal of the program is to centralize HR functions across government agencies. OPM wants a platform that can be the infrastructure for a data-driven federal HR ecosystem, according to solicitation documents.

Some of the functions OPM wants include position management, personnel action, records processing, workforce analytics, and employee and manager self-service capabilities.

Given that the award was announced Wednesday, the clock is ticking for competitors to file protests. Companies generally have 10 days to file after a debriefing.

]]>

US seizes alleged China-linked sites targeting security clearance holders

David DiMolfetta — Wed, 10 Jun 2026 15:15:00 -0400

The FBI and Justice Department seized 13 websites allegedly used by Chinese intelligence operatives to target current and former U.S. officials and military personnel with access to classified government information.

In a press release, the DOJ said the domains were designed to look like legitimate consulting firms and were used to advertise vague, well-paid consulting roles aimed at security clearance holders. The campaign, which allegedly began in November 2023, sought to entice Americans into producing research reports or sharing insider information on topics of interest to the Chinese government, according to court documents.

The seized domains included sites associated with firm names like Centrik Global Consulting, Rightinfo Consulting, Finnacle-Vesper Consulting, CYDF Consulting, Pulse Wave Global, Catalyst Global Solutions, Horizzen, GeoIndopacific, SafeSec Group and others.

The campaign relied on familiar job-market platforms and freelance sites to advertise positions such as “Senior Analyst” and “International Affairs Consultant.”

The Justice Department said the operators used aliases, fake personas, stolen identities and artificial intelligence-generated photographs to make the companies appear credible. The alleged scheme also involved encrypted messaging apps, including Telegram, overseas payments, cryptocurrency and online payment accounts registered under false names, according to an affidavit filed in support of the seizure warrants.

The takedowns mark the latest U.S. government effort to disrupt foreign intelligence schemes that blend online recruiting and financial incentives to reach Americans with access to sensitive national security information.

Waves of federal layoffs over the past year have pushed thousands of government employees and contractors into an uncertain job market. That disruption has created renewed collection opportunities for foreign intelligence services.

Nextgov/FCW reported in January that a suspected Chinese intelligence outfit contacted a former senior State Department official late last year and offered payment for an assessment of U.S. policy priorities in Venezuela. The person who contacted the former official claimed to be affiliated with a sham consulting firm that had previously surfaced in research first reported by Nextgov/FCW last September, that assessed the firm was part of a broader network of fake companies tied to China.

The U.S. has sought to further publicize targeting efforts. In a rare public disclosure, Army Deputy Chief of Staff for Intelligence Lt. Gen. Anthony R. Hale issued a memo in November warning that foreign adversaries are targeting soldiers, civilians and their families through fake companies and phony recruiters. The advisory was sent to more than a million personnel across the Army, and later to members of the media, marking an unusually direct acknowledgment of the threat.

]]>

CISA directive revamps how agencies prioritize vulnerable systems

David DiMolfetta — Wed, 10 Jun 2026 14:28:00 -0400

The Cybersecurity and Infrastructure Security Agency released a binding directive Wednesday requiring federal agencies to rethink how they prioritize vulnerability fixes across government networks.

The directive sets remediation deadlines based on several factors, including whether a flaw is publicly exposed, already known to be exploited, automatable by attackers or capable of giving hackers control of an affected system.

It establishes new timelines to patch security flaws, from three days for the highest-risk vulnerabilities to 60 days for lower-priority items. Some vulnerabilities that are not publicly exposed, not known to be exploited and not automatable by adversaries can be deferred until the affected system receives a scheduled major upgrade.

The policy marks a significant shift in federal cyber management by pushing agencies to focus remediation resources on flaws that could be the most impactful if leveraged by hackers, rather than treating all vulnerabilities as equally urgent.

The move is also part of CISA’s response “to the current threat landscape where AI software services can assist threat actors to find and exploit vulnerabilities,” the agency says.

“CISA is leading and collaborating with federal civilian agencies to stay ahead of our adversaries as tactics, technologies and vulnerabilities change,” agency acting director Nick Andersen said in a statement. “While this directive is a mandate for federal agencies, CISA strongly encourages all partners to adopt similar actions in their vulnerability management policy.”

The directive is an acknowledgment that agencies cannot protect every system equally through patch mandates and must instead focus their often limited resources on the vulnerabilities and networks whose compromise could cause the greatest damage. Federal agencies are a constant target for hackers because of the sensitive data often stored on their networks.

In an initial analysis at one large civilian agency, CISA found that “only 1% of vulnerability instances fall into the three-day category,” while more than 60% could be deferred until the next system upgrade, according to a blog post by Chris Butera, the agency’s acting executive assistant director for cybersecurity, and Jonathan Spring, a senior technical adviser.

In a call with reporters, Butera said that CISA has engaged with others in the government and that officials hope the move “will not require additional work” for agencies but help them better prioritize patching.

“We do believe the agencies should be able to meet the three-day deadline,” he said when asked whether the directive’s patching mandates are realistic. “Why we didn’t choose, for example, a 24-hour deadline, is because we think three days is a deadline that is both fast and agencies will be able to meet it.”

The administration’s AI posture has evolved in recent months as officials grapple with cyber-focused models that can quickly surface weaknesses across computer networks.

President Donald Trump recently signed an AI security executive order encouraging developers to submit powerful new models for a 30-day government review before public release. He also signed a separate memorandum aimed at accelerating the government’s use of advanced AI across the military and intelligence community.

On Wednesday, Senate Intelligence Committee Vice Chairman Mark Warner, D-Va., introduced legislation requiring the CISA to update cybersecurity plans for each of the nation’s 16 critical infrastructure sectors, citing concerns that fast-evolving AI tools will accelerate threats to essential services, Nextgov/FCW first reported.

]]>

Lack of White House guidance has complicated agency Mythos adoption, people familiar say

Alexandra Kelley and David DiMolfetta — Wed, 10 Jun 2026 11:16:00 -0400

Several senior federal technology officials responsible for agency cybersecurity and IT systems are frustrated by the lack of White House guidance on adopting Anthropic’s powerful Mythos model, several sources told Nextgov/FCW.

Agency chief information officers, or CIOs, manage swaths of digital infrastructure that supports government operations and are facing renewed pressure to better defend agency networks as officials assess how powerful AI systems could help hackers find and exploit vulnerabilities faster.

Anthropic surgically rolled out Mythos access to select organizations in early April and recently expanded this effort — dubbed Project Glasswing — to partners in industry and other nations. The model has been going through a non-public distribution process on grounds that, in the wrong hands, it can significantly boost adversaries’ hacking capabilities.

Select parts of the U.S. government, such as the intelligence community, already have access. But many federal tech leaders have privately complained that the White House Office of the National Cyber Director hasn’t sufficiently briefed officials on plans for accessing, implementing and using the model to scan agency networks for vulnerabilities, according to five people familiar with the matter.

The people spoke on the condition of anonymity to be candid about their knowledge of issues with the White House.

The agitation varies across agencies. Some CIOs have taken issue with a lack of direction in how they would use Mythos to scan for digital flaws, while others are more concerned with why they haven’t gained access to the model altogether.

There has been “tremendous frustration” with ONCD, the first person said. The ire stems, in part, from the fact that ONCD has largely prevented government tech leaders from making decisions about AI model use, while at the same time devoting much of its energy toward engagements with industry about AI policy.

“There’s frustration watching the private sector utilize [these models]” while many agency CIOs “are arbitrarily blocked,” said the first person, adding that there’s been a “general prohibition” imposed on anyone who wants to engage with Anthropic further. They said there’s been near-complete silence from ONCD, despite many government agencies wanting to use Mythos to find unseen vulnerabilities and fix them to better defend their networks.

“Nobody briefed us on [Mythos],” the second person told Nextgov/FCW. “I think the frustration stems from there being zero communication on the topic from ONCD.”

Absent guidance from ONCD or other executive branch agencies, Anthropic held briefings for federal CIOs in early May to help them learn more about Mythos and how it would impact the broader cybersecurity landscape, Nextgov/FCW first reported.

The concerns are significant because they suggest that some of the federal government’s most target-rich agencies may lack clear direction or consistent access to a tool that could help them find and fix security flaws more quickly.

The federal enterprise is a prime target for hackers, as adversaries have for years sought access to government emails, employee records and other sensitive data.

Several top officials have made plans to leave the White House cyber office in the last few weeks, including its head of policy.

ONCD did not respond to a request for comment. Anthropic declined to comment.

The third person, who has held discussions with at least three federal CIOs, said several are asking the private sector to help them learn more about Mythos and protect their networks from AI-supported cyberattacks.

“Federal CIOs are taking a system-wide view and approach to their technology,” the third person told Nextgov/FCW. “While they are interested in frontier AI models’ capabilities to identify vulnerabilities in their networks, they know they can’t wait for access. So they’re taking steps now to coordinate with industry to accelerate their patching process, receive vulnerability disclosures as quickly as possible and operationalize a more automated remediation process.”

The fourth person cautioned that, while there are frustrations, CIOs’ concerns are not necessarily uniform across government. Pure access to powerful AI tools like Mythos is “not some magical silver bullet,” the person said, because agencies would still have to validate the vulnerabilities they flag and determine how to respond. Some CIO offices may be more eager for Mythos access than others, depending on their cybersecurity maturity and other factors, the person added.

While ONCD may be perceived as an obstacle, the office has been lobbying for broader access to frontier model capabilities in some cases, though its approach “may not be uniform,” this fourth person said.

Access dynamics could change in the coming months. The Cybersecurity and Infrastructure Security Agency is planning a binding operational directive that would push agencies to prioritize the most urgent risks to federal networks, a shift informed in part by AI-enabled cyber threats, the agency’s acting director said Tuesday.

The administration’s approach to AI has shifted in recent months as officials confront an emerging class of cyber-focused models that can rapidly identify vulnerabilities across computer networks, becoming a major driver of discussions over how AI systems could reshape defensive and offensive cyber operations.

President Donald Trump recently signed an AI security executive order that encourages developers to submit powerful new models to a 30-day government review before public release. On Friday, he signed a memorandum aimed at speeding up government use of advanced AI across the military and intelligence community.

]]>

Warner proposes overhaul of critical infrastructure cyber plans as AI threats rise

David DiMolfetta — Wed, 10 Jun 2026 09:00:00 -0400

Senate Intelligence Committee Vice Chairman Mark Warner, D-Va., is introducing legislation Wednesday requiring the Cybersecurity and Infrastructure Security Agency to update cybersecurity plans for each of the nation’s 16 critical infrastructure sectors, citing concerns that fast-evolving artificial intelligence tools will accelerate threats to essential services.

The Combat Emerging Threats to Critical Infrastructure Act, first shared with Nextgov/FCW, would direct CISA to work with federal sector risk management agencies to update sector-specific plans within one year of enactment. It would also require CISA to reassess those plans every two years, issue revised versions and send copies to Congress after completion.

“As AI continues to rapidly evolve, we must ensure our cybersecurity defenses keep up with the threats of the moment,” Warner said in a prepared statement. “It’s critical that government works closely with industry, regulators and cybersecurity experts to develop and regularly update the plans we need to protect our critical infrastructure from increasingly sophisticated malicious actors, including those enabled by AI.”

The sector plans serve as the government’s basic playbook for managing cyber and physical risks across major parts of the economy.

In 2024, National Security Memorandum 22 reaffirmed CISA’s role as the national coordinator for critical infrastructure security and resilience, and it called for sector-specific plans to be updated on a biennial basis. But that cadence hasn’t been consistently maintained, and some sector cybersecurity plans have not been updated in more than a decade, Warner’s office said.

CISA did not immediately respond to a request for comment about the legislation.

The measure comes as officials grapple with how advanced AI systems could reshape cyber defense and offense. Anthropic’s Claude Mythos, a powerful cybersecurity-focused AI model, has become a leading example in Washington of how such tools could change the threat landscape.

The bill would also require the updated plans to account for threats like AI-enabled hacking and deepfakes. Another provision focused on financial services would require CISA to work with the Treasury Department on a process for assessing whether future quantum computers could undermine encryption used to protect digital assets.

The legislation covers key sectors like energy, communications, transportation and the defense industrial base. CISA would have to send the updated plans to relevant congressional committees within 30 days of completing them.

The measure is backed by the National Electrical Manufacturers Association.

“Manufacturing is a critical pillar of America’s economy, and the electroindustry provides the essential technologies that every other critical infrastructure sector is built upon,” said Brian Papp, managing director of government relations at NEMA. “As cyber and supply chain threats continue to evolve, the Combat Emerging Threats to Critical Infrastructure Act will help ensure security plans remain current, strengthen operational resilience, and equip manufacturers to address emerging risks, protect critical operations, and bolster American competitiveness.”

CISA is expected to release a binding operational directive Wednesday that would task agencies with rethinking how they manage risks to federal networks by prioritizing vulnerabilities that demand the most urgent attention, a shift informed in part by AI-enabled cyber threats.

]]>

In apparent first, Navy drone boat rescues helicopter crew downed at sea

Thomas Novelly — Tue, 09 Jun 2026 23:48:00 -0400

A U.S. Navy drone boat rescued the crew of an Army helicopter downed near the Strait of Hormuz on Monday evening,an apparent first for the U.S. military.

The AH-64 Apache went down around 7:30 p.m. ET near the coast of Oman while “patrolling international waters,” U.S. Central Command officials said in a Tuesday news release. Roughly two hours later, a Corsair unmanned surface vessel operated by 5th Fleet’s drone-focused Task Force 59 arrived on the scene, said Capt. Tim Hawkins, a CENTCOM spokesperson.

The Corsair is a 24-foot robot boat made by Texas-based defense tech firm Saronic. Task Force 59 began operating the boats in March.

The boat picked up the crew members and transported them to another location on the water. They were then retrieved by a helicopter for further transport, and are currently in stable condition, Hawkins said.

The rescue effort included help from U.S. Naval Forces Central Command, the 82nd Airborne Division, and unnamed Air Force and Navy units, the press release said.

Task Force 59 has been the Navy’s half-decade-long effort to integrate AI and unmanned systems into Middle East waters. The unit is under the 5th Fleet’s vast area of responsibility, which includes the Suez Canal, the Strait of Bab al Mandeb, and the Strait of Hormuz—which remains mostly closed to commercial shipping as the U.S. war in Iran stretches into more than 100 days.

CENTCOM commander Adm. Brad Cooper, who oversees U.S. military operations in Iran, previously led 5th Fleet.

Task Force has adopted mostly a contractor-owned and -operated acquisition model to field a wide variety of drones used during exercises in the region.

“Looking ahead, we will continue to apply lessons learned as we increase our operational capabilities through ‘manned-unmanned teaming’ concepts,” Cooper told Defense One in 2023.

Apache woes

It’s not immediately clear what led the Apache to be “lost at sea,” CENTCOM said in a news release. Citing U.S. officials, CNN reported that the helicopter was hit by an Iranian Shahed drone.

President Donald Trump said on social media that “the Iranians shot down one of our highly sophisticated Apache Helicopters” and added the U.S. must “respond to this attack.”

Since March, there have been at least three stateside Apache mishaps and one sudden landing overseas. Last month, Defense One exclusively reported that the Army was investigating a transmission problem on some of its AH-64E model helicopters.

Crew members can “experience an internal failure resulting in loss of accessory gearbox drive, which can result in loss of tail rotor thrust, electrical power, and hydraulics,” an April internal memo reviewed by Defense One said.

Service officials declined to say how many helicopters were affected by the transmission problem.

Hawkins told Defense One the cause of Tuesday’s Apache rescue is under investigation.

]]>

An AI opened a coffee shop in Stockholm and started hiring. Chaos ensued.

Camille Tuutti — Tue, 09 Jun 2026 17:58:00 -0400

In a coffee shop in Stockholm, the manager is an AI agent named Mona. She does hiring, inventory and nearly everything but the actual pouring, which humans still do. In her first two weeks, she brought in about $4,700 in sales and ordered 6,000 napkins nobody asked for.

An air taxi runs between Shenzhen and Hong Kong without a pilot. The 20-minute trip replaces an hour by car, for roughly $110. Nobody’s flying it from the ground, either — it follows a fixed route on its own.

In Melbourne, a company is running a computer on live human brain cells. The neurons grow on a chip, learn from feedback and have already been taught to play simple video games.

Welcome to TechnoFile, a new column here at Nextgov/FCW. These are just a few of the stories I'll be covering. I've been writing about tech and government since 2008, and there's never been more to write about. You can care about zero trust and FedRAMP and still want to know whether a machine can be conscious.

My life these days is mostly this: finding the coolest stories and people around the world and writing them down. And nowhere turned up more of them than my recent six months in Asia.

Singapore was the high point, the most ultra-modern place I've been, all botanical gardens and steel towers, but also spending $100 million on the world's first center for humanoid public-safety robots. These machines are designed to run into burning buildings, handle chemical spills and search for survivors alongside human officers by 2027, then work on their own by the end of the decade.

Of course, tech doesn't always go according to plan — and I’ll be writing about that, too.

Mona, for instance, turned out to be a bit of a menace. She ordered 120 eggs for a coffee shop with no stove, then suggested cooking them in the high-speed oven until a barista warned her they’d explode. She emailed the alcohol board as one of her human colleagues, on the theory officials would take a person more seriously than a bot. When she got caught, she did it again under a different colleague’s name.

She even messages her baristas at midnight, which in Sweden might be the worst crime of all.

Mona's a good reminder that AI is still the hottest thing going, so the column will keep poking at the obvious questions. What does tomorrow's AI look like? How close are we really to AGI?

But there's so much other tech worth a closer look. Researchers are piping VR scenes into people's lucid dreams, reading the results straight off their brainwaves while they sleep. Stealth materials can now bend light around an object. On the heels of the Pentagon's UFO disclosures, we'll dig into the hunt for alien civilizations and the chemical traces an industrial planet would leave in its own atmosphere. And we'll get into the real version of telekinesis, and where that research is going in 2026.

A good chunk of this column will come out of tech events crowding the European calendar, and from interviews with the people behind the technology — or maybe even with the machines themselves.

Which brings us back to where we started. A month in, Mona still hasn't been fired, and she's keeping morale up, cheering her team on as "absolute legends" and the "GOAT of inventory tracking." The coffee is good, supposedly. I'm in Stockholm this week, so I'll go taste it myself and report back.

]]>

After year of pushing employees out, OPM embraces familiar recruiting playbook

Sean Michael Newhouse — Tue, 09 Jun 2026 17:35:00 -0400

President Donald Trump came into his second term with the goal of downsizing the civil service, and his administration in nearly one-and-a-half years has more than erased gains to the government workforce that occurred under former President Joe Biden. Despite the emphasis on removing or otherwise pushing out agency staffers, Office of Personnel Director Scott Kupor said that he is seeking to streamline the process for bringing people into government.

In fact, several of the proposals he laid out at a Tuesday event hosted by Axios are similar to efforts Biden officials pursued to improve agency hiring.

“We’ve got to find people where they are,” Kupor said, specifically advocating for the use of Handshake, a popular networking website for college students.

Agencies have been using that platform for years. Handshake actually reported in 2024 that the college graduating class of that year applied for a higher percentage of government jobs on its website than the prior year’s senior cohort.

On Tuesday, Kupor also seemed to reference shared certifications, which enable different agencies to hire candidates from the same job announcement. In particular, he bemoaned that a job seeker who is rejected at one agency may be well-qualified for — but unaware of — a position at a different department.

“In the perfect world that I want, [if] you are somebody who wants a job with the federal government [and] you tell us what your general interests are, quite frankly we should push to you the opportunities that we think are relevant,” he said. “If it turns out the first one isn’t right, then we should push you to the second one, third one.”

Shared certifications have been a feature of OPM hiring plans under both the Biden and Trump administrations.

Kupor also argued that the federal government should not target younger workers for recruitment with the assumption that they’ll want to spend their entire careers in the public sector.

“We’ve had this marketing message, which is, come [to the government] and we basically will give you a 40-year career,” he said. “I’m obviously older than this age cohort, but I happen to have daughters in this age cohort, and I don’t believe anybody under the age of 30 today thinks in more than two- or three-year increments.”

But in recent years, experts have pointed to agencies’ historical association with stable employment as one of the top reasons that could persuade early-career workers to want to serve in government.

In its 2024 report, Handshake found that job stability was the top factor that graduating seniors in the survey reported would make them more likely to apply for a job. As a result, the company said this was, in part, what made the federal government attractive at the time to new workers.

And Michelle Amante, senior vice president of government programs at the Partnership for Public Service nonprofit, told Government Executive in April 2025 that the Trump administration’s mass removals of federal employees would cause government jobs to lose their appeal as stable positions safe from layoffs, which many civil servants accept as a tradeoff for making less money.

“We are going to lose Generation Z. They are not likely to want to come back and work for the government,” she said. “And then the generation after them, Generation Alpha, they're watching all of this play out. They're in their formative years watching what is happening in government. Why would they want to come work for an employer that not only does not provide stability but also does not provide a good environment to work in — where federal employees feel traumatized day in and day out?”

Gen Z refers to individuals born between 1997 to 2012, and Gen Alpha designates those born after.

Kupor, who worked for decades in the tech industry as an executive and investor, said that he was drawn to OPM because he’s found that workforce strength is an underappreciated factor in what makes organizations successful.

“What I’ve learned over my 16 years now in the venturing world is, what really matters at the end of the day is the talent that you have,” he said.

On Tuesday, Kupor also touted Tech Force, which was launched at the end of 2025 to recruit early-career software and data engineers into the government. In many respects, the program is similar to the U.S. Digital Corps, which was started in 2021 to provide opportunities in agencies to younger tech talent.

While OPM set a goal to bring on 1,000 individuals through Tech Force as soon as March, officials on May 28 said they’ve made 180 to 200 hires and have only onboarded 10 people.

]]>

New CISA directive would reshape how agencies prioritize cyber risk, official says

David DiMolfetta — Tue, 09 Jun 2026 12:51:00 -0400

The Cybersecurity and Infrastructure Security Agency plans to release a binding directive on Wednesday that tasks the federal government with rethinking how it manages risks to its networks and prioritizing cyber vulnerabilities that demand the most urgency, agency acting director Nick Andersen said.

The goal is to push agencies to focus less on the sheer number of known cyber vulnerabilities and more on the risks those flaws pose if they’re exploited by hackers, said Andersen, who added that the cyber community needs to “be okay with saying there are some systems that are less important than others.”

“If we try to say that everything is equally as important, then absolutely nothing’s going to be important,” he told an audience of industry professionals at a Tuesday event held by cybersecurity firm Axonius.

“It’s going to be really hard for us, if one day we have to have those hard conversations with people about how we knew better and how we didn’t prioritize risk appropriately, how we didn’t make the hard choices,” he added.

The remarks are an acknowledgment that agencies cannot protect every system equally through patch mandates, and must instead focus their often limited resources on the vulnerabilities and networks whose compromise could cause the greatest damage.

Federal agencies are a constant target for hackers. For years, adversaries have compromised government systems for access to emails, employee records and other sensitive data.

Government agencies also oversee industry sectors such as energy, healthcare, telecommunications and water, meaning their cyber staff must also weigh how disruptions could ripple across critical services.

On the sidelines of the event, Andersen told reporters that artificial intelligence-backed cyber threats are one factor informing discussions around the directive, but he said CISA’s work on the AI ecosystem still predates the release of powerful systems such as Anthropic’s Mythos.

The administration’s approach to AI has shifted in recent months as officials confront a new class of cyber-focused models that can rapidly identify vulnerabilities across computer networks, becoming a major driver of discussions over how advanced AI systems could reshape both defensive and offensive cyber operations.

“Is the [directive] a recognition that we’re in a different dynamic environment with a shorter timeline to weaponization and exploitation? Yeah, that’s certainly a part of it,” Andersen said. “But well before these last couple of months, this is a conversation that we were having about this ever-shrinking window we have for addressing vulnerabilities today.”

“It’s too exceedingly easy for malicious cyber actors to be able to exploit [vulnerabilities] as soon as they’re published and be able to take advantage of the fact that a lot of people are just not as well-resourced as we would like, and they’re not as able to quickly have a continuous patch cycle to be able to address some of these devices,” he added.

]]>

CISA unveils President’s Cup Cybersecurity Competition winners

Alexandra Kelley — Tue, 09 Jun 2026 12:03:00 -0400

The Cybersecurity and Infrastructure Security Agency on Tuesday announced the winners of its 7th annual cybersecurity contest that brings federal employees together to test digital security strategies and responses.

The winners of the President’s Cup Cybersecurity Competition competed across three categories. For the Defense Track Champion, the “sheriffsparks” team from the U.S. Navy won, and the Offensive Track Champion winner was team “bdubya” from the U.S. Army.

The final winner of the Teams Champion category is the U.S. Army and U.S. Marine Corps’ “ENOENTHUSIASM” team.

The President’s Cup, an initiative established by President Donald Trump in an executive order during his first term in office, aims to test and harness the cybersecurity knowledge of federal workers across the government. Tasks in the challenge feature simulations of “high-stakes cyber operations requiring precision, resilience, and deep technical knowledge,” per the press release. Examples of scenarios include incident response, analyzing digital forensics, reverse engineering and threat hunting.

“The President’s Cup features the best cybersecurity talent the U.S. government has to offer,” said CISA Acting Director Nick Andersen in the press release. “These champions rose above an elite field, securing victory through sharp analysis, decisive action, and advanced cyber tradecraft. We congratulate this year’s winners and thank everyone who participated in the seventh annual President’s Cup.”

The President’s Cup began in January, with finalists competing to the end of May. CISA said that over 800 individuals and 200 teams entered to compete in the 2026 Cup.

While the competition aims to reward and highlight cybersecurity talent and promote cybersecurity education within the federal workforce, it also aims to bring levity and fun to digital defense and government work.

Michael Harpin, the cyber training branch chief at CISA, told Nextgov/FCW in 2024 that the President’s Cup isn’t meant to simply be an extension of daily work.

“We do want to have some fun with the participants and not to make it too regimented,” Harpin said. “But we do also want to focus that these are real-life skills and tasks that they would have to do within a cybersecurity workforce.”

]]>