A group of US trade associations has urged the federal government to take coordinated action on AI-enabled cyber risk across sectors including energy, finance, healthcare, technology and electrical manufacturing.
In a joint letter, the associations called on the administration to work with AI developers and critical infrastructure operators on voluntary practices for the development, testing and deployment of advanced AI systems. They argued that cyber risk is now deeply interconnected across sectors and requires a shared response from government and industry.
The signatories include the Alliance for Chemical Distribution, American Fintech Council, Business Software Alliance, Cybersecurity Coalition, Cyber Threat Alliance, Electronic Transactions Association, Healthcare Leadership Council, Independent Community Bankers of America, National Electrical Manufacturers Association and TechNet.
The intervention reflects growing industry concern over the security implications of more advanced AI tools, particularly their potential to find software flaws more quickly, automate attacks and shorten the time available for detection and remediation. The letter said any national response should recognise how quickly vulnerability discovery, observability and incident response cycles are changing.
Among the recommendations was wider adoption of AI in cybersecurity operations. The groups urged organisations to use AI to improve threat detection, response and vulnerability management, while updating security platforms and reducing data silos that slow decision-making.
They also called for stronger public-private coordination, including more structured engagement among federal agencies, sector risk management bodies, infrastructure operators and service providers. Existing coordination channels, they said, should be updated to support AI-related readiness and information sharing.
Policy priorities
Another focus was the vulnerability disclosure system and incident response process. The associations argued that the Common Vulnerabilities and Exposures ecosystem should be strengthened to handle a higher volume of issues as AI speeds vulnerability discovery. Federal investigative and remediation frameworks, they added, should be updated to match faster attack cycles.
The letter also raised workforce concerns, saying the US needs an AI-ready cyber workforce strategy that expands the talent pipeline, raises AI literacy and gives organisations enough surge capacity to manage a faster tempo of AI-related threats.
On regulation, the associations argued that overlapping cyber reporting obligations are placing avoidable strain on security teams. They called for incident reporting rules to be streamlined across federal agencies, with more consistent timelines, definitions and formats.
The recommendations also covered risk management and infrastructure resilience. The groups urged policymakers to build on existing cyber guidance while addressing specific AI gaps, identifying Zero Trust, immutable and isolated backups, readiness for post-quantum cryptography and preparation for malicious use as priority areas.
Testing systems
The signatories also called for more structured collaboration among government, critical infrastructure sectors and frontier AI developers. They said sustained testing, red-teaming and trusted information sharing would help shape practical safeguards and response protocols for advanced AI systems.
The letter set out the group's position in direct terms: "The U.S. government should work with AI companies to promote voluntary development, testing, and deployment practices that help protect society from the malicious use of advanced AI systems. We stand ready to support this effort with technical expertise, operational insight, and participation in any public-private processes the Administration may convene."
The associations linked their recommendations to the administration's broader cyber strategy and said the next step is to turn broad objectives into operational measures that government and industry can use. They argued that the pace of change in AI means cyber preparedness can no longer rely on slower policy and response models.
They described the challenge as one of execution as much as strategy: "We must work together to translate pertinent elements of the Strategy into concrete action that prepares government and the private sector for the speed and scale of the AI era-particularly the implications of vulnerability discovery, observability, remediation, and risk-management lifecycles that are compressing in real time."