
Focus Needed on Security of U.S. Artificial Intelligence Systems

The Trump administration’s recently released National Cybersecurity Strategy frames the rapid adoption and acceleration of artificial intelligence (AI) as central to maintaining U.S. superiority as a national power and clearly signals a move toward more autonomous, integrated and decision-capable AI systems.

Defense agencies are already beginning to use this type of “agentic AI,” or AI that can autonomously plan, make decisions and take actions toward a goal. The Department of Defense is doing this through programs like the Defense Innovation Unit’s Project Thunderforge, the centralized generative AI platform’s rollout of AI tools across personnel and more than $200 million in frontier AI contracts investing in automated cyber operations, logistics and command support.

However, pressure to rapidly implement and deploy AI systems often comes at the cost of security.

From reactive to proactive AI

AI-powered systems have changed the game when it comes to automation. Historically, AI platforms would wait for human direction before acting. Agentic AI no longer does that – it makes automated decisions based on context and previous interactions.

For example, by drawing on satellite imagery, logistics data and historical mission outcomes, an AI-enabled system could detect shifting battlefield conditions, reassess resource needs and adjust deployment plans in real time without ever being explicitly prompted to act. In other words, each step a system takes is informed by the previous one.

In theory, this leads to greater efficiency and smarter decision-making. However, it’s only as effective as the data powering it. Without a baseline understanding of how AI is supposed to behave, operators can miss that a series of relatively harmless individual actions could be causing the system to drift toward dangerous outputs over time.

In this example, degraded satellite imagery or inaccurate sensor feeds could cause certain areas to underreport or inaccurately detail their needs. If these errors aren’t addressed, the system will continue to make decisions based on the bad data and send resources like fuel, equipment and personnel away from areas that actually need them.

On paper, each decision reflects what the data shows, but without vetting these trends over time, operators would miss a coverage gap that could result in mission failure.

Proactive security essential

Agencies deploying AI systems can no longer assume they’re protected by legacy security methods such as basic guardrails, which consist of static rules that attackers can learn to bypass. Since agentic systems don’t require a single prompt to act, filtering prompts to block jailbreak attempts (deliberate strategies to bypass AI safety filters and operational constraints) is largely ineffective. Similarly, legacy rules telling AI systems “not to access a certain system” with coded guardrails don’t apply, since these systems operate in dynamic environments.

In these cases, risk arises from a combination of factors rather than a single violation. The AI observes new information, updates its internal state, reprioritizes tasks and acts again. Security teams need to see not only what the AI system did, but also how its decisions relate to historical context.

This means agencies need an approach that accounts for how autonomous AI behaves over time, protecting against emerging risks like adversaries subtly influencing the AI’s goals or altering instructions with the intention of causing destruction. By investing in solutions that continuously evaluate an AI system’s intent, historical behavior and alignment with mission objectives, agencies can move forward with greater confidence in the systems they deploy.

Existing projects like Thunderforge and Gen.AI.mil, coupled with the National Cybersecurity Strategy’s urgent mandate to leverage AI, are putting the Department of Defense under pressure to fully realize AI’s potential.

AI is now proactive, not simply reactive. Without monitoring its behavior and intent across decisions, agencies risk systems that gradually drift from mission objectives.

 
