IIG - AI as a Cyber Co-Pilot

Original broadcast 6/4/25

Presented by Rocket Software & Carahsoft

Mac Gupta, Senior Director of Marketing at Rocket Software, offers a grounded and pragmatic take on how artificial intelligence can—and should—support federal cybersecurity strategies. He sees AI not as a replacement for human decision-making but as an intelligent assistant: a co-pilot that augments situational awareness, speeds up threat detection, and improves overall cyber resilience.

Gupta explains that in today’s environments, data volumes are massive and growing by the second. Human analysts simply cannot process every alert, log, or anomaly on their own. That’s where AI steps in—not to take control, but to sift through this data, identify patterns, and present actionable insights. In Gupta’s view, AI’s greatest value lies in enabling faster, smarter decision-making by the people who ultimately remain in charge of critical systems.

One of the recurring challenges Gupta highlights is the presence of blind spots—areas of the IT environment that remain overlooked or under-monitored. Too often, core systems like mainframes are assumed to be secure simply because of their robust architectures or long-standing access controls. But these assumptions can be dangerous. “You have to assume the adversary is already inside,” he says, which means visibility and verification must extend everywhere, including the most mission-critical legacy platforms.

Cyber resilience, Gupta notes, is about much more than breach prevention. It includes rapid detection, containment, and recovery. AI plays an important role in each of these phases. By automating the monitoring of networks and endpoints, AI can detect changes in behavior or system status that might indicate a compromise. When that happens, AI can also help prioritize response based on impact and urgency, reducing the time it takes to contain threats before they spread.

Gupta is careful to emphasize that automation does not equal autonomy. Smart automation still requires human oversight, especially when it comes to decisions that may affect sensitive data, system access, or mission execution. He views AI as a complement to human expertise—a way to enhance, not replace, cyber professionals.

The conversation also touches on the broader Zero Trust movement across federal agencies. Gupta sees Zero Trust as an ideal use case for AI augmentation. Zero Trust frameworks are built around identity, access control, segmentation, and least privilege—all areas where real-time data analysis can significantly improve enforcement and detection. AI can help monitor user behavior, flag anomalies, and support policy enforcement dynamically.

However, Gupta warns that many agencies are still in the early stages of Zero Trust implementation and may be overcomplicating their approach. He advises federal cybersecurity leaders to start with the basics—multi-factor authentication, single sign-on, and access control segmentation. These “low-hanging fruit” solutions build the foundation for more sophisticated AI-augmented strategies in the future.

Gupta also stresses the importance of regular, automated deep scans of core systems—particularly those that are older or more complex. These scans should be looking not just for known vulnerabilities but for integrity gaps and signs of unauthorized changes. AI can play a critical role here, detecting subtle indicators of compromise that manual reviews might miss.

Looking ahead, Gupta sees a future in which AI is integrated into all layers of federal cybersecurity—from initial threat detection to response, recovery, and even forensic investigation. But he’s also realistic about the challenges: legacy infrastructure, organizational silos, and cultural resistance can all slow down adoption. That’s why education and pilot programs are so important.

Ultimately, Gupta believes that AI must be part of a holistic strategy, not a bolt-on or silver bullet. When deployed thoughtfully, AI can become a powerful co-pilot—one that strengthens cybersecurity teams, improves operational awareness, and supports faster, more informed decisions in the face of increasingly sophisticated threats.

Key Takeaways:

• AI enhances cyber operations by detecting patterns, surfacing insights, and supporting rapid response—but always with human oversight.

• Core systems like mainframes are often overlooked and must be actively scanned for vulnerabilities and blind spots.

• Zero Trust success starts with foundational controls like MFA and access segmentation, paving the way for more advanced AI-driven resilience.

This interview was recorded on location at TechNet Cyber 2025 and included as part of the TV show Innovation in Government from TechNet Cyber.