---

title: "White House cyber official: identity security matters more"
type: raw
source: newsletter
source_url: https://cyberscoop.com/white-house-federal-identity-security-ai-risks/
tags: [cyberscoop]
fetcher: jina
review_value: 7
review_confidence: 8
review_recommendation: worth-reading
ingested: 2026-05-18
sha256: a7949805aeaf4f5d64fe5114ad813b285e51e73666fae19395083a0ef7263f8b

---
Title: White House cyber official: identity security matters more than ever in the age of AI
URL Source: https://cyberscoop.com/white-house-federal-identity-security-ai-risks/
Published Time: 2026-05-14T20:15:21Z
Markdown Content:
# White House cyber official: identity security matters more than ever in the age of AI | CyberScoop
[Skip to main content](https://cyberscoop.com/white-house-federal-identity-security-ai-risks/#main)
Advertisement
*   [CyberScoop](https://cyberscoop.com/)
*   [AIScoop](https://aiscoop.com/)
*   [FedScoop](https://www.fedscoop.com/)
*   [DefenseScoop](https://defensescoop.com/)
*   [StateScoop](https://statescoop.com/)
*   [EdScoop](https://edscoop.com/)
[Advertise](https://scoopnewsgroup.com/oursolutions/)Search Close
 Search for:  Search
[![Image 1: CyberScoop](https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/logo-cyber.svg)](https://cyberscoop.com/)
Open navigation
*   [Topics](https://cyberscoop.com/white-house-federal-identity-security-ai-risks/)
Back
    *   [AI](https://cyberscoop.com/news/ai/)
    *   [Cybercrime](https://cyberscoop.com/news/threats/cybercrime/)
    *   [Commentary](https://cyberscoop.com/news/commentary/)
    *   [Financial](https://cyberscoop.com/news/financial/)
    *   [Government](https://cyberscoop.com/news/government/)
    *   [Policy](https://cyberscoop.com/news/policy/)
    *   [Privacy](https://cyberscoop.com/news/privacy/)
    *   [Technology](https://cyberscoop.com/news/technology/)
    *   [Threats](https://cyberscoop.com/news/threats/)
    *   [Research](https://cyberscoop.com/news/research/)
    *   [Workforce](https://cyberscoop.com/news/workforce/)
*   [Special Reports](https://cyberscoop.com/specials/)
*   [Events](https://cyberscoop.com/attend)
*   [Podcasts](https://cyberscoop.com/listen/)
*   [Videos](https://cyberscoop.com/watch/)
*   [Insights](https://cyberscoop.com/insights/)
*   [CyberScoop 50](https://cyberscoop.com/cyberscoop50/vote/)
 Switch Site 
*   [CyberScoop](https://cyberscoop.com/)
*   [AIScoop](https://aiscoop.com/)
*   [FedScoop](https://www.fedscoop.com/)
*   [DefenseScoop](https://defensescoop.com/)
*   [StateScoop](https://statescoop.com/)
*   [EdScoop](https://edscoop.com/)
[Subscribe](https://cyberscoop.com/subscribe/)
Advertisement
Subscribe to our daily newsletter.
[Subscribe](https://cyberscoop.com/subscribe)
Close
*   [Government](https://cyberscoop.com/white-house-federal-identity-security-ai-risks/)
# White House cyber official: identity security matters more than ever in the age of AI
 While AI tools present unique cybersecurity threats, they still rely on poor identity security by organizations to do the most damage, a White House official said Thursday.
**By**[Derek B. Johnson](https://cyberscoop.com/author/derek-johnson/ "Derek B. Johnson")
May 14, 2026
[Audio 2](https://wp-tts-cdn.api.scpnewsgrp.com/cyberscoop/89023/english.openai.mp3)
[](https://cyberscoop.com/white-house-federal-identity-security-ai-risks/#)
Listen to this article
0:00
Learn more. This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. 
![Image 2](https://cyberscoop.com/wp-content/uploads/sites/3/2026/05/Nick-Polk-and-others.jpeg?w=900)
 Nick Polk, branch director for cybersecurity at the Executive Office of the President, said government agencies must pay more attention to identity security in the age of AI. (Image Source: Maggie Callahan/Scoop News Group) 
As AI becomes more integrated into federal IT (and attacker toolsets) government agencies will need to focus their resources on regulating and monitoring the identities that access their network, a top White House cybersecurity official said Thursday.
Nick Polk, branch director for federal cybersecurity in the Executive Office of the President, said that while [AI](https://cyberscoop.com/tag/artificial-intelligence-ai/) models will present unique threats to federal networks, they will still generally require trusted access first, something defenders can use to their advantage.
“I think the important thing is that in many cases in order to use and exploit the vulnerabilities that [AI] might find, or use them in a manner…that could be malicious or adversarial, the first thing you have to do is get into the network,” Polk said at the Rubrik Public Sector Summit presented by FedScoop. “There are some cases where your software is facing the internet, there’s a little bit of an easier solution there, but most times you have to get into the network.”
That often means exploiting the access an employee, contractor or third-party vendor has to your systems and data. Even in an AI-powered future, the network security boundary still matters, providing organizations with meaningful control over who gets access to their systems and data and how.
Advertisement
“That’s really where strong identity is still really critical in order to [first] repel an attempted exploitation before it can happen or, [second,] identify very quickly that this person or this machine really shouldn’t be on the network” or is behaving anomalously,” Polk said.
However, even before large language models emerged, cybercriminals and foreign adversaries were increasingly compromising organizations not with malware or sophisticated exploits, but by gaining network access through stolen accounts, credentials, and other trusted assets.
Federal identity security, already a concern, is now set to become more critical in the age of AI.
Justin Ubert, director of cyber protection at the [Department of Transportation,](https://cyberscoop.com/tag/Department-of-Transportation/) said beyond speed and scale, AI tools have given malicious hackers other advantages, like obviating the need for stealth.
“Now, you can have a smash-and-grab of your network that’s faster than you can respond to because…there’s no need to be quiet: just go in, grab and go [home],” said Ubert. “By the time your fences are working as they’re supposed to be, as we designed them to be, they’re already gone.”
Advertisement
AI tools can also easily become insider threats. Even when users restrict their ability to perform sensitive actions like downloading or exfiltrating data without human input, models have bypassed those guardrails by exploiting obscure technical loopholes.
Research released last month by the University of California-Riverside found that automated AI agents “can become dangerously fixated on completing assignments without recognizing when their actions are harmful, contradictory or simply irrational.”
The study, which examined [Anthropic](https://cyberscoop.com/tag/anthropic/)’s Claude Sonnet and Opus 4, as well as [OpenAI](https://cyberscoop.com/tag/openai/)’s ChatGPT-5, found that model agents struggled with contextual reasoning, had biases towards taking action (i.e. figuring out how to do something instead of whether to do it) and would frequently get tripped up by contradictory or infeasible goals.
Anna Libkhen, acting CISO for the Bureau of Economic Analysis at the Department of Commerce, said that AI has become “much more clever in hiding how it managed to penetrate and attack and come through as a trustworthy source.”
When asked how the federal government was working to address current gaps in identity security that are increasingly being exploited by AI systems, Libkhen said federal leaders are “peeing in their pants” before adding “at least I am.”
Advertisement
“It is scary, yes, we are very vulnerable,” Libkhen said.
She compared the use of AI agents to teaching a child to ice skate: the first thing you teach them is how to handle a fall and recover. Likewise, organizations will need to plan for when their agents fail and quickly recover lost assets.
“Our agents will go wrong, they will do things we don’t expect them to. How do we get up?” said Libkhen. “Do we have that third set of data because that agent erased the database and the backup? Is it safe elsewhere? What kind of holes can you anticipate and what will it take for us to recover from those holes?”
![Image 3: Derek B. Johnson](http://2.gravatar.com/avatar/ea8b076b398ee48b71cfaecf898c582b?s=192&d=mm&r=g)
#### Written by Derek B. Johnson
 Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia. 
#### In This Story
*   [Artificial Intelligence (AI)](https://cyberscoop.com/tag/artificial-intelligence-ai/)
*   [credential theft](https://cyberscoop.com/tag/credential-theft/)
*   [identity](https://cyberscoop.com/tag/identity/)
*   [identity authentication](https://cyberscoop.com/tag/identity-authentication/)
*   [White House](https://cyberscoop.com/tag/white-house/)
Share
*   [Facebook](https://www.facebook.com/sharer/sharer.php?u=https://cyberscoop.com/white-house-federal-identity-security-ai-risks/)
*   [LinkedIn](https://www.linkedin.com/cws/share?url=https://cyberscoop.com/white-house-federal-identity-security-ai-risks/)
*   [Twitter](https://twitter.com/intent/tweet?url=https://cyberscoop.com/white-house-federal-identity-security-ai-risks/)
*   Copy Link
Advertisement
Advertisement
## More Like This
1.   ### [Former CISA nominee Sean Plankey named US CEO of defense startup](https://cyberscoop.com/former-cisa-nominee-sean-plankey-named-us-ceo-of-defense-startup/)
By [Tim Starks](https://cyberscoop.com/author/tim-starkscyberscoop-com/) 
2.   ### [Colorado governor commutes prison sentence for election denier Tina Peters](https://cyberscoop.com/colorado-election-denier-tina-peters-sentence-commuted-governor-jared-polis/)
By [Derek B. Johnson](https://cyberscoop.com/author/derek-johnson/) 
3.   ### [The Canvas breach proved that prevention is no longer enough](https://cyberscoop.com/canvas-breach-saas-security-identity-governance-op-ed/)
By [Rishi Kaushal](https://cyberscoop.com/author/rishi-kaushal/) 
Advertisement
Advertisement
## More Scoops
[![Image 4](https://cyberscoop.com/wp-content/uploads/sites/3/2026/05/IMG_1862.jpg?w=465)](https://cyberscoop.com/pentagon-cyber-ai-revolutionary-warfare-mythos/)
 Paul Lyons, principal principal deputy assistant secretary for cyber policy, right. (Image Source: Maggie Callahan/Scoop News Group) 
### [Pentagon cyber official calls advanced AI ‘revolutionary warfare’](https://cyberscoop.com/pentagon-cyber-ai-revolutionary-warfare-mythos/)
 Paul Lyons, principal deputy assistant secretary for cyber policy, also discussed the importance of cyber offense. 
By [Tim Starks](https://cyberscoop.com/author/tim-starkscyberscoop-com/)
[![Image 5](https://cyberscoop.com/wp-content/uploads/sites/3/2026/05/GettyImages-2229149370-1-1.jpg?w=252)](https://cyberscoop.com/ai-autonomous-cyber-capability-benchmarks-broken-gpt5-claude-mythos/)
### [Researchers say AI just broke every benchmark for autonomous cyber capability](https://cyberscoop.com/ai-autonomous-cyber-capability-benchmarks-broken-gpt5-claude-mythos/)
By [Greg Otto](https://cyberscoop.com/author/greg-otto/)
[![Image 6](https://cyberscoop.com/wp-content/uploads/sites/3/2026/05/GettyImages-1483543512.jpg?w=258)](https://cyberscoop.com/house-homeland-security-briefing-anthropic-mythos-cyber-risks/)
 Steam from a vent obscures the U.S. Capitol in Washington, D.C. Photographer: Julia Nikhinson/Bloomberg; Getty Images 
### [Closed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risks](https://cyberscoop.com/house-homeland-security-briefing-anthropic-mythos-cyber-risks/)
By [Tim Starks](https://cyberscoop.com/author/tim-starkscyberscoop-com/)
### [Weaponized AI: The new frontier of fraud and identity spoofing](https://cyberscoop.com/ai-generated-fraud-identity-spoofing-defense-strategy/)
By [Fernanda Sottil](https://cyberscoop.com/author/fernanda-sottil/)
### [Daybreak is OpenAI’s answer to the AI arms race in cybersecurity](https://cyberscoop.com/openai-daybreak-gpt-5-5-anthropic-mythos-cybersecurity/)
By [Greg Otto](https://cyberscoop.com/author/greg-otto/)
### [AI is separating the companies built to scale from the ones built to sell](https://cyberscoop.com/ai-cybersecurity-market-trends-2026-op-ed/)
By [Dave DeWalt](https://cyberscoop.com/author/dave-dewalt/)[Katie Gray](https://cyberscoop.com/author/katie-gray/)[Mark Hatfield](https://cyberscoop.com/author/mark-hatfield/)[Yoav Leitersdorf](https://cyberscoop.com/author/yoav-leitersdorf/)[Amir Zilberstein](https://cyberscoop.com/author/amir-zilberstein/)
### [US government, allies publish guidance on how to safely deploy AI agents](https://cyberscoop.com/cisa-nsa-five-eyes-guidance-secure-deployment-ai-agents/)
By [Greg Otto](https://cyberscoop.com/author/greg-otto/)
## Latest Podcasts
![Image 7](https://cyberscoop.com/wp-content/uploads/sites/3/2026/03/SafeMode-Guest_thumbnail-31.png?w=300)
#### [When iPhone exploits turn into commodities](https://cyberscoop.com/radio/criminal-groups-and-opportunistic-attackers-will-operationalize-it-against-the-enormous-population-of-out-of-date-ios-devices/)
![Image 8](https://cyberscoop.com/wp-content/uploads/sites/3/2026/05/SafeMode-Guest_thumbnail-39.png?w=300)
#### [Why access brokers have stubbornly remained successful](https://cyberscoop.com/radio/current-landscape-of-initial-access-brokers-and-how-their-tactics-continue-to-support-ransomware-operations/)
![Image 9](https://cyberscoop.com/wp-content/uploads/sites/3/2026/05/FSU.jpeg?w=300)
#### [Family of FSU shooting victim sues OpenAI Foundation for negligence, lack of safety guardrails](https://cyberscoop.com/radio/openai-chatgpt-safety-guardrails-family-lawsuit-fsu-shooting/)
![Image 10](https://cyberscoop.com/wp-content/uploads/sites/3/2026/05/SafeMode-Guest_thumbnail-38.png?w=300)
#### [Can you prove which agent did what?](https://cyberscoop.com/radio/greg-otto-talks-with-howard-ting-ceo-of-opal-security-about-the-growing-security-challenges-created-by-ai-agents/)
### Government
*   [Here’s how the FTC plans to enforce the Take It Down Act](https://cyberscoop.com/ftc-take-it-down-act-enforcement-deepfakes/)
*   [DOJ releases legal rationale for nationwide voter data collection](https://cyberscoop.com/federal-voter-data-collection-doj-legal-memo/)
*   [Instructure claims hackers returned stolen Canvas data after an extortion standoff](https://cyberscoop.com/canvas-instructure-data-theft-extortion-the-com/)
*   [Trump officials are steering a cybersecurity scholarship program toward AI](https://cyberscoop.com/sfs-scholarship-program-trump-administration-ai-shift/)
### Technology
*   [Major world economies spell out key elements of AI ‘ingredients list’](https://cyberscoop.com/g7-cisa-ai-sbom-security-guidance/)
*   [Google and Amnesty International teamed up to make it harder for spyware vendors to hide](https://cyberscoop.com/google-android-intrusion-logging-amnesty-spyware-detection/)
*   [Google spotted an AI-developed zero-day before attackers could use it](https://cyberscoop.com/google-threat-intelligence-group-ai-developed-zero-day-exploit/)
*   [Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI](https://cyberscoop.com/claude-chrome-extension-allows-plugins-to-hijack-ai/)
### Threats
*   [Cisco zero-day under ongoing attack by persistent threat group](https://cyberscoop.com/cisco-sd-wan-zero-day-exploited/)
*   [Major tech manufacturer Foxconn confirms cyberattack hit North American factories](https://cyberscoop.com/foxconn-cyberattack-disrupts-north-america-factories/)
*   [‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack](https://cyberscoop.com/mini-shai-hulud-supply-chain-malware-attack/)
*   [Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical](https://cyberscoop.com/microsoft-patch-tuesday-may-2026/)
### Policy
*   [One House Democrat is pressing Commerce on the government’s spyware use](https://cyberscoop.com/democrat-summer-lee-letter-briefing-nso-group-spyware-trump/)
*   [FCC tightens KYC rules for telecoms, closes loophole for banned foreign services](https://cyberscoop.com/fcc-know-your-customer-supply-chain-security-rules/)
*   [Congress kicks the can down the road on surveillance law (again)](https://cyberscoop.com/congress-extends-section-702-surveillance-45-days/)
*   [Congress, industry ponder government posture for protecting data centers](https://cyberscoop.com/congress-industry-ponder-government-posture-for-protecting-data-centers/)
Advertisement
[![Image 11: Scoop News Group](https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/images/logo-sng.svg)](https://scoopnewsgroup.com/)[About Us](https://cyberscoop.com/about/)
*   [FedScoop](https://www.fedscoop.com/)
*   [DefenseScoop](https://defensescoop.com/)
*   [StateScoop](https://statescoop.com/)
*   [EdScoop](https://edscoop.com/)
*   [CyberScoop](https://cyberscoop.com/)
*   [AIScoop](https://aiscoop.com/)
*   [Newsletters](https://cyberscoop.com/subscribe)
*   [Advertise with us](https://scoopnewsgroup.com/oursolutions/)
*   [Ad specs](https://cdn.fedscoop.com/2025_DigitalAdvertisingSpecs.pdf)
*   [(202) 887-8001](tel:202208878001)
*   [hello@cyberscoop.com](mailto:hello@cyberscoop.com)
*   [FB](https://www.facebook.com/cyberscoop)
*   [TW](https://twitter.com/cyberscoopnews)
*   [LinkedIn](https://www.linkedin.com/company/4847467)
*   [IG](https://www.instagram.com/cyberscoopnews)
*   [YT](https://www.youtube.com/@cyberscoop_sng)
[![Image 12: CyberScoop](https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/logo-cyber.svg)](https://cyberscoop.com/) Close Ad 
Continue to CyberScoop
![Image 14](https://t.co/i/adsct?bci=3&dv=UTC%26en-US%26Google%20Inc.%26Linux%20x86_64%26255%26800%26600%268%2624%26800%26600%260%26na&eci=2&event_id=df72d21f-f64a-435f-ab79-8abe2394c7c3&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=2cd0a063-09c3-4cf0-a030-6400edec449b&pt=White%20House%20cyber%20official%3A%20identity%20security%20matters%20more%20than%20ever%20in%20the%20age%20of%20AI%20%7C%20CyberScoop&tw_document_href=https%3A%2F%2Fcyberscoop.com%2Fwhite-house-federal-identity-security-ai-risks%2F&tw_iframe_status=0&tw_order_quantity=0&tw_pid_src=1&tw_sale_amount=0&twpid=tw.1779117074510.757255342378458033&txn_id=nv8sr&type=javascript&version=2.3.53)![Image 15](https://analytics.twitter.com/i/adsct?bci=3&dv=UTC%26en-US%26Google%20Inc.%26Linux%20x86_64%26255%26800%26600%268%2624%26800%26600%260%26na&eci=2&event_id=df72d21f-f64a-435f-ab79-8abe2394c7c3&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=2cd0a063-09c3-4cf0-a030-6400edec449b&pt=White%20House%20cyber%20official%3A%20identity%20security%20matters%20more%20than%20ever%20in%20the%20age%20of%20AI%20%7C%20CyberScoop&tw_document_href=https%3A%2F%2Fcyberscoop.com%2Fwhite-house-federal-identity-security-ai-risks%2F&tw_iframe_status=0&tw_order_quantity=0&tw_pid_src=1&tw_sale_amount=0&twpid=tw.1779117074510.757255342378458033&txn_id=nv8sr&type=javascript&version=2.3.53)