AI, Cyber, and the Government’s Race to Move Faster Without Breaking Security

Original Broadcast Date: 3/22/2026

This episode of Fed Gov Today explores a critical inflection point for federal cybersecurity and acquisition, where agencies are under pressure to move faster without compromising security. Acting federal CISO Michael Duffy is prioritizing the empowerment of agency CISOs, and USDA CISO Tony Brannum describes what that means on the ground: accelerating innovation—especially with AI—while maintaining strong risk management.

Artificial intelligence is central to that push. Agencies are experimenting with AI to improve threat detection, automate vulnerability analysis, and dramatically reduce the time it takes to authorize new systems. Brannum emphasizes the potential to cut months-long Authority to Operate (ATO) timelines down significantly, though challenges remain around governance, model training, and ensuring AI doesn’t introduce new risks.

At the same time, a recent federal continuity test exposed persistent communication gaps across agencies, highlighting the need for better coordination and a centralized source of truth—likely led by CISA—to manage shared threat intelligence.

The episode places stronger emphasis on acquisition reform, where former GSA official Tom Howder outlines major upcoming changes. GSA’s “refresh 31” aims to expand transactional data reporting across all schedules and introduce a sweeping new AI clause. While intended to modernize procurement, improve pricing transparency, and reduce supply chain risk, these changes are raising concerns among vendors due to their complexity and tight compliance timelines.




AI vs. Red Tape: How Federal CISOs Are Trying to Move at Startup Speed

Federal cybersecurity leaders are under pressure to move faster than ever—and AI is becoming their biggest lever. USDA CISO Tony Brannum explains how agencies are working to balance rapid innovation with security, especially as demand grows for AI-driven automation. From threat detection to vulnerability analysis, AI is helping teams process massive amounts of data and identify risks faster. One of the biggest opportunities: shrinking the Authority to Operate (ATO) process from months to weeks.

But speed isn’t the only challenge. A recent federal continuity test revealed major communication gaps between agencies, highlighting the need forBrannumFrame2 better coordination and a centralized source of truth for threat intelligence. Brannum also emphasizes the push to standardize governance and streamline risk management across agencies. The goal is clear: enable mission delivery without cybersecurity becoming a bottleneck—proving that security and speed don’t have to be at odds.

Key Takeaways:

  • Federal CISOs are using AI to accelerate security processes while trying to maintain strong risk management.
  • Automating the ATO process could drastically reduce deployment timelines from months to weeks.
  • Cross-agency communication gaps remain a major weakness, driving the need for centralized coordination through CISA.




The $100B Shake-Up: Inside Government’s Bold (and Risky) Acquisition Overhaul

A major transformation in federal acquisition is underway—and it could redefine how government buys everything, especially AI. Former GSA official Tom Howder breaks down “refresh 31,” a sweeping update to the Multiple Award Schedule program. At its core is a push to expand transactional data reporting (TDR) across all contracts, aiming to improve pricing transparency and move away from outdated pricing rules.

At the same time, a new governmentwide AI clause is raising alarms across industry. While designed to reduce supply chain risk and protect HowderFrame1government data, the clause introduces complex compliance requirements that vendors may struggle to meet—especially under tight timelines.

The stakes are high: these changes could streamline procurement and unlock innovation, but only if agencies adopt them effectively and vendors can keep up. Without careful execution, reform could create friction instead of flexibility.

Key Takeaways:

  • GSA’s “refresh 31” aims to expand transactional data reporting to improve pricing transparency across all contracts.
  • A new AI acquisition clause introduces significant compliance challenges for vendors despite its security goals.
  • The success of acquisition reform depends on both agency adoption and the ability of industry to keep pace.