The Trump administration unveiled its new federal clearinghouse for sharing AI cyber threat information between the government and private sector, and said the project is already receiving threat intelligence on cybersecurity vulnerabilities and prioritizing patching.
Created last month through a White House executive order, “Gold Eagle” will be managed by the Department of the Treasury, with contributions from the Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, and Department of Defense, as well as open-source software providers, critical infrastructure operators and industry.
“Under President Trump’s leadership, the Treasury Department is working hand in hand with the private sector to safeguard our financial institutions, close vulnerabilities, and protect the integrity of the U.S. financial system,” Secretary of the Treasury Scott Bessent said in a statement. “Treasury, along with our partner agencies, will continue to harness frontier AI capabilities to stay ahead of our adversaries and defend the American people from emerging threats.”
Gold Eagle is meant to help both public and private organizations find, fix and patch vulnerabilities found using AI tools before they’re discovered and exploited by bad actors. The work will involve using AI to find cybersecurity vulnerabilities in victim systems and software, and Secretary of Homeland Security Markwayne Mullin said it would also further explore ways for the technology to be leveraged for cyber defense.
According to the White House, Gold Eagle has already been used to collect intelligence on vulnerabilities.
As AI models have improved at carrying out core cybersecurity-related tasks – like scanning code for vulnerabilities or developing proof-of-concept exploit code – cybersecurity experts and policymakers have become increasingly worried. The modern internet is rife with insecure code, misconfigurations and other mistakes that can be identified and exploited faster than ever before using AI tools.
Vulnerabilities in open-source software can be both widespread and hidden, as many commercial software products on the market rely on open-source code but few bother to document it. When hackers compromised a logging tool in the Log4J open-source Apache software library in 2021, it required a massive, multi-month coordination effort by CISA, the private sector and other stakeholders to find and fix affected pieces of software.
A White House official told reporters in a press briefing Tuesday that the work of Gold Eagle is reflective of the administration’s “full support” of U.S. open-source software providers and maintainers.
Open source tools are “vital to systems that run throughout our country and daily life,” a senior administration official said, speaking to reporters on background. “It is being maintained by a talented group of people and entities and we will do everything we can to support the strength of that community.
Michael Daniel, former White House cyber coordinator under President Barack Obama, told CyberScoop that AI is still so new that policymakers continue to observe its impact and adapt. While some existing communication channels for sharing cybersecurity threat information could probably be duplicated for tracking AI threats, there is still much for policymakers to learn more about the technology, the kind of threats it produces and its ecosystem of stakeholders.
“It may turn out at the end of the day that phishing is still phishing, and the fact that now you’ve got AI tools doing it, it’s still phishing. Or there may be something fundamentally different about it that we need to figure out how to combat and share information around,” he said.
The post White House details ‘Gold Eagle’ clearinghouse for AI cyber threats appeared first on CyberScoop.