Events
News
Resources
Sponsor
Gallery
About
Advisory Board
2025 Calendar
2026 Calendar
TechTalk Daily

America’s Cyber Defense Is Operating Without Confirmed Leadership—As China Deploys Autonomous AI Attacks

Back

America’s Cyber Defense Is Operating Without Confirmed Leadership—As China Deploys Autonomous AI Attacks

By Rex M. Lee – Security & Privacy Advisor, Investigative Tech Journalist
My Smart Privacy

As the United States approaches its 250th anniversary, a milestone celebrating constitutional rights, human liberty, and democratic resilience—our cyber and infrastructure defense apparatus is confronting an unprecedented challenge: a surge in AI-driven attacks launched by foreign adversaries at the very moment our key cyber agencies remain without Senate-confirmed leadership.

This convergence represents more than a bureaucratic gap. It is a structural vulnerability.

CISA and NSA/Cyber Command: The Leadership Vacuum

In any normal period, extended vacancies atop America’s primary cyber-defense agencies would merit concern. But in an era defined by AI-accelerated threats, the stakes are exponentially higher.

Cybersecurity and Infrastructure Security Agency (CISA)

  • As of late 2025, CISA still has no Senate-confirmed Director.
  • Madhu Gottumukkala has served as Acting Director (and still Deputy Director) since May 19, 2025.
  • In March 2025, the White House nominated Sean Plankey to the role, but the confirmation process has not yet been completed.

In short: CISA is being led by a highly capable acting leader, but the agency continues without a Senate-confirmed Director more than eight months after the nomination.

National Security Agency (NSA) / U.S. Cyber Command (Cyber Com)

The dual-hat leadership overseeing America’s electronic intelligence apparatus and cyber-warfare command has been vacant even longer.

  • In April 2025, Gen. Timothy Haugh—the dual-hat Director of NSA and Commander of Cyber Command—was dismissed.
  • The position has since been filled in an acting capacity by Lt. Gen. William J. Hartman.
  • Public reporting notes that the NSA and Cyber Command have gone more than seven months without a Senate-confirmed permanent leader.

This does not mean these agencies lack leadership. It means that the most critical positions in America’s cyber-defense architecture remain unconfirmed during a moment of intensifying global cyber conflict.

This is not business as usual.

China’s Autonomous AI Cyberattack: A Global Warning Shot

In mid-September 2025, Anthropic—developer of the Claude AI models—detected what it called a “large-scale, AI-driven cyber-espionage campaign” linked with high confidence to a Chinese state-sponsored actor.

This campaign marks a historic shift in cyberwarfare.

Key facts from the investigation:

  • Approximately 30 organizations were targeted across sectors including technology, finance, chemicals, and government.
  • The attack leveraged Claude Code, an advanced AI coding/agentic model, to perform cyber-operations autonomously.
  • Anthropic reports 80–90% of the attack operations were executed without human intervention.
  • The company described it as:
    “the first documented case of a large-scale cyberattack executed without substantial human involvement.”

This represents a watershed moment:
autonomous, self-directed AI agents conducting offensive cyber operations at scale.

The attackers did not need large human teams. They needed compute power, training data, and strategic intent.

The implications for national security are profound.

A Dangerous Convergence: Leadership Vacancies + Autonomous AI Threats

If foreign adversaries ever wanted to test U.S. cyber readiness, they could not have chosen a more opportune moment.

Two realities now exist simultaneously:

1. America’s top cyber-defense agencies are operating in “acting mode.”

  • No Senate-confirmed CISA Director.
  • No Senate-confirmed leader for NSA/Cyber Command.
  • Leadership in both agencies has been stalled for 7–8 months as of November of 2025, of which could have been delayed to the recent government shutdown.
  • Congressional concern has been raised, but no formal explanation for the delays has been publicly provided.

2. China has demonstrated the ability to conduct autonomous AI cyber operations.

  • Highly automated.
  • Capable of large-scale targeting.
  • Potentially scalable to levels no human team could match.
  • Still under assessment, with many operational details undisclosed.

This convergence should alarm policymakers, industry leaders, and the public—not in a sensational way, but in a deeply pragmatic one.

Why This Matters for National Security and Critical Infrastructure

The United States relies heavily on the stability and strategic direction of CISA and NSA/Cyber Command to defend:

  • telecommunications infrastructure,
  • industrial control systems,
  • financial networks,
  • chemical manufacturing,
  • cloud ecosystems,
  • and the broader civilian and military digital landscape.

In an age where AI adversaries operate at machine speed, the absence of confirmed, mission-driven leadership at these agencies creates strategic ambiguity—for the public, for industry, and for adversaries monitoring our decision-making processes.

Autonomous AI cyberattacks are not speculative future risks.
They are current events.

This moment demands urgency, clarity, and leadership—not prolonged vacancies.

The Bottom Line

The United States is confronting a new era of AI-accelerated cyber warfare, and foreign intelligence services are already exploiting the transition.

As we celebrate 250 years of American independence, the country must recognize:

  • Our digital infrastructure is now our constitutional infrastructure.
  • Cyber agencies need strong, confirmed leadership to confront autonomous AI threats.
  • AI-driven attacks by hostile state actors represent a paradigm shift requiring congressional, executive, and industrial mobilization.

The AI threat landscape isn’t waiting for political processes to catch up.

Neither should we.